## Summary
There are vulnerabilities in IBM® SDK Java™ Technology Edition to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183) could make the system susceptible to integrity and confidentiality impacts, and make it susceptible to a man-in-the-middle attack or a denial of service attack.
## Vulnerability Details
**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded, and JRockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded, and JRockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
## Affected Products and Versions
FlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2.
Supported code versions which are affected:
- VRMFs prior to 1.3.0.9
- VRMFs prior to 1.4.7.0
## Remediation/Fixes
| MTMs | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| **FlashSystem 840 MTM:** 9840-AE1 & 9843-AE1<br>**FlashSystem 900 MTMs:** 9840-AE2 & 9843-AE2 | Code fixes are now available; the minimum VRMF containing the fix depends on the code stream.<br>Fixed Code VRMF:<br>1.4 stream: 1.4.7.0<br>1.3 stream: 1.3.0.9 | N/A | [**_FlashSystem 840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) and [**_FlashSystem 900 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all>) are available at IBM’s Fix Central |
## Workarounds and Mitigations
None
"SL_20160927_OPENSSL_ON_SL6_X.NASL", "SL_20170120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170213_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SSL_64BITBLOCK_SUPPORTED_CIPHERS.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "SUSE_SU-2016-2387-1.NASL", "SUSE_SU-2016-2394-1.NASL", "SUSE_SU-2016-2458-1.NASL", "SUSE_SU-2016-2468-1.NASL", "SUSE_SU-2016-2470-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0490-1.NASL", "SUSE_SU-2017-0716-1.NASL", "SUSE_SU-2017-0719-1.NASL", "SUSE_SU-2017-0720-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-0839-1.NASL", "SUSE_SU-2017-1389-1.NASL", "SUSE_SU-2017-1444-1.NASL", "UBUNTU_USN-3087-1.NASL", "UBUNTU_USN-3087-2.NASL", "UBUNTU_USN-3179-1.NASL", "UBUNTU_USN-3194-1.NASL", "UBUNTU_USN-3198-1.NASL", "UBUNTU_USN-3270-1.NASL", "VIRTUOZZO_VZLSA-2017-0180.NASL", "VIRTUOZZO_VZLSA-2017-0269.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:SEPTEMBER-2016-SECURITY-RELEASES"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-2183"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106460", "OPENVAS:1361412562310108031", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310108374", "OPENVAS:1361412562310108772", "OPENVAS:1361412562310120744", "OPENVAS:1361412562310703673", "OPENVAS:1361412562310703782", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310809782", "OPENVAS:1361412562310809784", "OPENVAS:1361412562310842896", "OPENVAS:1361412562310842898", "OPENVAS:1361412562310843026", "OPENVAS:1361412562310843048", "OPENVAS:1361412562310843052", "OPENVAS:1361412562310843145", "OPENVAS:1361412562310851397", "OPENVAS:1361412562310851399", "OPENVAS:1361412562310851406", "OPENVAS:1361412562310851412", "OPENVAS:1361412562310851485", "OPENVAS:1361412562310851494", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310871663", "OPENVAS:1361412562310871749", "OPENVAS:1361412562310871758", "OPENVAS:1361412562310882566", 
"OPENVAS:1361412562310882569", "OPENVAS:1361412562310882639", "OPENVAS:1361412562310882640", "OPENVAS:1361412562310882655", "OPENVAS:1361412562310882656", "OPENVAS:1361412562310882657", "OPENVAS:1361412562310882919", "OPENVAS:1361412562310890821", "OPENVAS:1361412562311220161090", "OPENVAS:1361412562311220171015", "OPENVAS:1361412562311220171016", "OPENVAS:1361412562311220171027", "OPENVAS:1361412562311220171028", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220192509", "OPENVAS:1361412562311220192643", "OPENVAS:703673", "OPENVAS:703782"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1940", "ELSA-2016-3621", "ELSA-2016-3627", "ELSA-2017-0180", "ELSA-2017-0269", "ELSA-2018-2123", "ELSA-2018-3041", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:CVE-2016-2183", "OSV:DLA-637-1", "OSV:DLA-821-1", "OSV:DSA-3673-1", "OSV:DSA-3673-2", "OSV:DSA-3782-1", "OSV:GHSA-HGV6-W7R3-W4QW"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142756", "PACKETSTORM:143369"]}, {"type": "redhat", "idList": ["RHSA-2016:1940", "RHSA-2017:0175", "RHSA-2017:0176", "RHSA-2017:0177", "RHSA-2017:0180", "RHSA-2017:0263", "RHSA-2017:0269", "RHSA-2017:0336", "RHSA-2017:0337", "RHSA-2017:0338", "RHSA-2017:0462", "RHSA-2017:1216", "RHSA-2017:2708", "RHSA-2017:2709", "RHSA-2017:2710", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2018:2123", "RHSA-2019:1245", "RHSA-2019:2859", "RHSA-2020:0451", "RHSA-2020:3842", "RHSA-2021:0308", "RHSA-2021:2438"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5546", "RH:CVE-2023-0296"]}, {"type": "seebug", "idList": ["SSV:93135"]}, {"type": 
"slackware", "idList": ["SSA-2016-266-01", "SSA-2016-363-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2391-1", "OPENSUSE-SU-2016:2407-1", "OPENSUSE-SU-2016:2496-1", "OPENSUSE-SU-2016:2537-1", "OPENSUSE-SU-2017:0374-1", "OPENSUSE-SU-2017:0513-1", "OPENSUSE-SU-2018:0458-1", "SUSE-SU-2016:2387-1", "SUSE-SU-2016:2394-1", "SUSE-SU-2016:2458-1", "SUSE-SU-2016:2468-1", "SUSE-SU-2016:2469-1", "SUSE-SU-2016:2470-1", "SUSE-SU-2016:2470-2", "SUSE-SU-2017:0346-1", "SUSE-SU-2017:0460-1", "SUSE-SU-2017:0490-1", "SUSE-SU-2017:1444-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1392"]}, {"type": "threatpost", "idList": ["THREATPOST:76E9C3B4FF9F862F31CF7EBE00893BDF", "THREATPOST:92734AB0515417387ACE7EE44D1D5100", "THREATPOST:99C5E70D89447B8402B9FBA7381541F0", "THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "ubuntu", "idList": ["USN-3087-1", "USN-3087-2", "USN-3179-1", "USN-3194-1", "USN-3198-1", "USN-3270-1", "USN-3372-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-2183", "UB:CVE-2016-5546", "UB:CVE-2016-5547", "UB:CVE-2016-5548", "UB:CVE-2016-5549"]}, {"type": "veracode", "idList": ["VERACODE:12305", "VERACODE:12335", "VERACODE:17869", "VERACODE:17870", "VERACODE:18023", "VERACODE:3248"]}, {"type": "zdt", "idList": ["1337DAY-ID-27866"]}]}, "affected_software": {"major_version": [{"name": "flashsystem 840 machine type and models (mtms) affected include 9840-ae1 and 9843-ae1. flashsystem 900 mtms affected include 9840-ae2 and 9843-ae2. 
supported code versions which are affected \u00b7\tvrmfs prior to 1.3.0.9 \u00b7\tvrmfs prior to", "version": 1}]}, "epss": [{"cve": "CVE-2016-2183", "epss": 0.00439, "percentile": 0.71021, "modified": "2023-05-02"}, {"cve": "CVE-2016-5546", "epss": 0.00422, "percentile": 0.70436, "modified": "2023-05-02"}, {"cve": "CVE-2016-5547", "epss": 0.00443, "percentile": 0.71112, "modified": "2023-05-02"}, {"cve": "CVE-2016-5548", "epss": 0.00321, "percentile": 0.66148, "modified": "2023-05-02"}, {"cve": "CVE-2016-5549", "epss": 0.00321, "percentile": 0.66148, "modified": "2023-05-02"}], "vulnersScore": 0.9}, "_state": {"score": 1685814097, "dependencies": 1685838547, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "175c9496504dbb3ecf883395046aafc3"}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "ibm flashsystem 900"}, {"version": "any", "operator": "eq", "name": "ibm flashsystem 900"}]}
Install one of the following IBM Java SDK versions: \nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 41 and subsequent releases \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 and subsequent releases \n\nProduct| Version| IBM SDK \n---|---|--- \nInfoSphere Optim Performance Manager| 4.1 - 5.1.1.1| [Replace JRE](<http://www.ibm.com/support/docview.wss?uid=swg21640535>) (V6 SR16-FP 41) \nInfoSphere Optim Performance Manager| 5.2 \u2013 5.3.1| [Replace JRE](<http://www.ibm.com/support/docview.wss?uid=swg21640535>) (V7 SR10-FP1) \n \n## Workarounds and Mitigations\n\nNone. The only solution is to upgrade the JRE.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-08T21:30:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2021-07-08T21:30:52", 
"id": "6AC3D160EBC9B7B2A7A56866F588F05DBD295AB4AE46EB1CD3A574DC726F9423", "href": "https://www.ibm.com/support/pages/node/558987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:50:40", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM Security Directory Suite. The issues were disclosed as part of the IBM Java SDK updates in January 2017 and it includes the vulnerabilities details.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Security Directory Suite 8.0 and 8.0.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **Remediation** \n---|--- \nIBM Security Directory Suite 8.0| _Contact IBM Support_ \nIBM Security Directory Suite 8.0.1| [IBM Security Directory Suite 8.0.1.2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Security+Directory+Suite&fixids=8.0.1.2-ISS-ISDS_20170607-0918.pkg&function=fixId&parent=IBM%20Security>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:59:06", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM\u00ae Java SDK that affect IBM Security Directory Suite - January 2017 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T21:59:06", "id": "775B57CB49BD54DD08F0B362C9B1350CE27111393E547386D47B85F4B30A09B9", "href": "https://www.ibm.com/support/pages/node/559059", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:37:18", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products . These issues were disclosed as part of the IBM Java SDK updates in February 2017. The applicable CVEs are CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547 and CVE-2016-2183.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \n \nAll products are affected when running supported releases 7.1 to 7.8. 
For unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code levels or higher: \n \n7.5.0.12 \n7.6.1.8 \n7.7.1.6 \n7.8.1.1 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>) \n \nFor IBM FlashSystem V9000, upgrade to the following code levels or higher: \n \n7.6.1.8 \n7.7.1.6 \n7.8.1.1 \n \n[_Latest FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": 
"2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect SAN Volume Controller, Storwize family and FlashSystem V9000 products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2023-03-29T01:48:02", "id": "D88F8D4EC870E7EBE3D835E7BB4576597E4D9045A6C1183BC8C8273B825AA821", "href": "https://www.ibm.com/support/pages/node/697341", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:53:34", "description": "## Summary\n\nThere are multiple vulnerabiltities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. 
\n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** \nCVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n** \nCVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of Liberty for Java in IBM Bluemix up to and including v3.4.1.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.8-20170308-1507 or higher, you must re-stage or re-push your application. \n \nTo find the current version of Liberty for Java in IBM Bluemix being used, from the command-line Cloud Foundry client by running the following commands: \n \n**cf ssh <appname> -c cat \"staging_info.yml\"** \n \nLook for the following lines: \n \n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-xxx, buildpack-v3.xxx, ibmjdk-1.8.0_20161213, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n \nTo re-stage your application using the command-line Cloud Foundry client, use the following command: \n \n**cf restage <appname>** \n \nTo re-push your application using the command-line Cloud Foundry client, use the following command: \n \n**cf push <appname>** \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:07:09", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects Liberty for Java for IBM Bluemix January 2017 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-15T07:07:09", "id": "A452BCA89E301CA046119BFDC15BA43A08FBCD45A7999ADA0583C7B23537839A", "href": "https://www.ibm.com/support/pages/node/293895", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:53:43", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \nHP fixes are on a delayed schedule. 
\n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Editions shipped with WebSphere Application Server Liberty up to 16.0.0.4. 
IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Traditional Version 9.0.0.0 through 9.0.0.2, 8.5.0.0 through 8.5.5.11, Version 8.0.0.0 through 8.0.0.13, Version 7.0.0.0 through 7.0.0.41. \n\n * This _does not occur_ on IBM SDK, Java Technology Editions that are shipped with WebSphere Application Servers Fix Packs 17.0.0.1, 9.0.0.3, 8.5.5.12, 8.0.0.14, and 7.0.0.43 or later. \n * ## Remediation/Fixes\n\nDownload and apply the interim fix APARs below, for your appropriate release ** \n \nFor the IBM Java SDK updates: \n \nFor WebSphere Application Server Liberty:** \nUpgrade to WebSphere Application Server Liberty Fix Packs as noted below or later fix pack level and apply one of the interim fixes below: \n\n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.1 or later then apply Interim Fix [PI76780](<http://www-01.ibm.com/support/docview.wss?uid=swg24043322>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 41 (optional) \n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.1 or later then apply Interim Fix [PI76507](<http://www-01.ibm.com/support/docview.wss?uid=swg24043320>): 
Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 FP1 (optional) \n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.2 or later or WebSphere Application Server Liberty Fix Pack 16.0.0.2 or later then apply Interim Fix [PI76505](<http://www-01.ibm.com/support/docview.wss?uid=swg24043319>): 
[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040157>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039961>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039687>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039311>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038809>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038165>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 FP1 (optional) \n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.5 or later or WebSphere Application Server Liberty Fix Pack 16.0.0.2 or later then apply Interim Fix [PI76502](<http://www-01.ibm.com/support/docview.wss?uid=swg24043271>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 FP1 (optional) \n * For a Liberty Archive Fix - Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.1 or later or WebSphere Application Server Liberty Fix Pack 16.0.0.2 or later then apply Interim Fix[ PI76504](<http://www-01.ibm.com/support/docview.wss?uid=swg24043270>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 FP1 (optional) ** \n\\--OR--**\n * Apply IBM Java SDK shipped with WebSphere Application Server Liberty (17.0.0.2) or later. 
\n \n****\n\n \nFor Version 9 WebSphere Application Server Traditional: \n\nUpdate the IBM SDK, Java Technology Edition using the instructions in the IBM Knowledge Center [_Installing and updating IBM SDK, Java Technology Edition on distributed environments_](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/tins_installation_jdk.html>) then use the IBM Installation manager to access the [_online product repositories _](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/cins_repositories.html>)to install the SDK. ** \n \nFor V8.5.0.0 through 8.5.5.11 WebSphere Application Server Traditional and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Traditional Fix Packs as noted below or later fix pack level and then apply one or more of the interim fixes below: \n\n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.1 or later then apply Interim Fix [PI76779](<http://www-01.ibm.com/support/docview.wss?uid=swg24043321>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 41 (required) \n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.1 or later then apply Interim Fix [PI76507](<http://www-01.ibm.com/support/docview.wss?uid=swg24043320>): 
[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042554>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042119>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039958>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039665>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039312>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038810>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038089>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037534>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037709>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 FP1 (optional) \n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.2 or later then apply Interim Fix [PI76505](<http://www-01.ibm.com/support/docview.wss?uid=swg24043319>): 
[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041671>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041194>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040407>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040157>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039961>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039687>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039311>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038809>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038165>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>)Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 FP1 (optional) \n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.9 or later then apply Interim Fix [PI76502](<http://www-01.ibm.com/support/docview.wss?uid=swg24043271>): 
[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042939>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042552>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042111>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040158>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 FP1 (optional)\n * For enviornments that have been upgraded to use the new default IBM SDK Version 8 bundled with WebSphere Application Server Fix Pack 8.5.5.11 or later: Apply Interim Fix [PI76503](<http://www-01.ibm.com/support/docview.wss?uid=swg24043272>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 FP1(required) \n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 12 (8.5.5.12) or later.\n** \n \nFor V8.0.0.0 through 8.0.0.13 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Fix Pack 8.0.0.7 or later then apply the interim fix below: \n\n * Apply Interim Fix [PI76781](<http://www-01.ibm.com/support/docview.wss?uid=swg24043324>): 
[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 [](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>)Fix Pack 41\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 14 (8.0.0.14) or later (targeted to be available 16 October 2017).\n** \nFor V7.0.0.0 through 7.0.0.41 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Fix Pack 7.0.0.31 or later then apply the interim fix below: \n\n * Apply Interim Fix [PI76782](<http://www-01.ibm.com/support/docview.wss?uid=swg24043327>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6 Service Refresh 16[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) Fix Pack 41\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 43 (7.0.0.43) or later.\n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product. 

**Bulletin record:** [Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2017 CPU](<https://www.ibm.com/support/pages/node/291305>), published 2018-06-15T07:07:01, modified 2018-06-15T07:07:01. CVEs: CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549. CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:N.

## Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by Tivoli Storage Manager for Virtual Environments (IBM Spectrum Protect for Virtual Environments): Data Protection for VMware and FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware. These issues were disclosed as part of the IBM Java SDK updates in January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

The following levels of Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) are affected:

* 8.1.0.0 through 8.1.0.1
* 7.1.0.0 through 7.1.6.4
* 6.4.0.0 through 6.4.3.5

The following levels of FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware are affected:

* 4.1.0.0 through 4.1.6.1
* 3.2.0.0 through 3.2.0.8

## Remediation/Fixes

**_Tivoli Storage Manager for VE: Data Protection for VMware Release_** | **_First Fixing VRMF Level_** | **_Platform_** | **_Link to Fix / Fix Availability Target_**
---|---|---|---
8.1 | 8.1.0.2 | Linux<br>Windows | [**http://www.ibm.com/support/docview.wss?uid=swg24043351**](<http://www.ibm.com/support/docview.wss?uid=swg24043351>)
7.1 | 7.1.6.5 | Linux<br>Windows | [**http://www.ibm.com/support/docview.wss?uid=swg24042520**](<http://www-01.ibm.com/support/docview.wss?uid=swg24042520>)
6.4 | 6.4.3.6 | Linux<br>Windows | [**http://www.ibm.com/support/docview.wss?uid=swg24041370**](<http://www.ibm.com/support/docview.wss?uid=swg24041370>)

**_Tivoli Storage FlashCopy Manager for VMware Release_** | **_First Fixing VRMF Level_** | **_Platform_** | **_Link to Fix / Fix Availability Target_**
---|---|---|---
4.1 | 4.1.6.2 | Linux | [**http://www.ibm.com/support/docview.wss?uid=swg24043426**](<http://www.ibm.com/support/docview.wss?uid=swg24043426>)
3.2 | 3.2.0.9 | Linux | [**http://www.ibm.com/support/docview.wss?uid=swg24043440**](<http://www.ibm.com/support/docview.wss?uid=swg24043440>)

## Workarounds and Mitigations

None

**Bulletin record:** [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager (IBM Spectrum Protect) for Virtual Environments: Data Protection for VMware and FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware](<https://www.ibm.com/support/pages/node/294079>), published 2018-06-17T15:37:48, modified 2018-06-17T15:37:48. CVEs: CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549. CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:N.

## Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearCase.
These issues were disclosed as part of the IBM Java SDK updates in January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

IBM Rational ClearCase, versions 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1 and 9.0 in the following components:

* CCRC WAN server/CM Server component, when configured to use SSL
* ClearCase remote client: CCRC/CTE GUI, rcleartool, and CMAPI clients, when using SSL to access a CCRC WAN Server/CM Server

**ClearCase version** | **Status**
---|---
9.0.1, 9.0.1.1 | Not Affected
9.0 through 9.0.0.4 | Affected
8.0.1 through 8.0.1.14 | Affected
8.0 through 8.0.0.21 | Affected
7.1.2 through 7.1.2.19 (all fix packs) | Affected

## Remediation/Fixes

The solution is to install a fix that includes an updated Java™ Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS).

**CCRC Client fixes**

Apply the relevant fixes as listed in the table below.

**Affected Versions** | **Applying the fix**
---|---
9.0 through 9.0.0.4 | Install [Rational ClearCase Fix Pack 5 (9.0.0.5) for 9.0](<http://www.ibm.com/support/docview.wss?uid=swg24043920>) or install [Rational ClearCase release 9.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24043585>)
8.0.1 through 8.0.1.14<br>8.0 through 8.0.0.21 | Install [Rational ClearCase Fix Pack 15 (8.0.1.15) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24043918>)
7.1.2 through 7.1.2.19 (all fix packs) | Customers should upgrade to a fixed, supported version/release of the product.

**Notes:**

* If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), or you use rcleartool or CMAPI using a Java™ Virtual Machine not supplied by IBM as part of Rational ClearCase, you should update the Java™ Virtual Machine that you use to include a fix for the above issues. Contact the supplier of your Java™ Virtual Machine and/or the supplier of your Eclipse shell.

**CCRC WAN server fixes**

1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh` (UNIX) or `bin\versionInfo.bat` (Windows). The output includes a section "IBM WebSphere Application Server". Make note of the version listed in this section.
2. Review the following WAS security bulletin:
   [Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2017 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21998379>)
   and apply the latest available fix for the version of WAS used for CCRC WAN server.

**Note:** there may be newer security fixes for WebSphere Application Server. Follow the link below (in the section "

**Bulletin record:** [Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)](<https://www.ibm.com/support/pages/node/559947>), published 2018-07-10T08:34:12, modified 2018-07-10T08:34:12. CVEs: CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549. CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:N.

## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1 that is used by IBM Application Delivery Intelligence v1.0.1, v1.0.1.1 and v1.0.2.
This issue was disclosed as part of the IBM Java SDK updates in Jan 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

## Affected Products and Versions

IBM Application Delivery Intelligence 1.0.1, 1.0.1.1, and 1.0.2

## Remediation/Fixes

Customers need to do the following to apply the fix:

1. Stop the server. Navigate to the unzipped-archive/adi/server directory and run this script: server.shutdown
2. Delete jre directory from unzipped-archive/server/jre
3. Download ibm-java-jre-7.1-4.1, unzip it and copy the jre directory to unzipped-archive/server (you are providing the jre directory that you deleted in step 2).

   Download links:
   **Windows:**
   [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Application+Delivery+Intelligence&fixids=ADI_1.0.1_1.0.2_security_windows_fp1&source=SAR&function=fixId&parent=ibm/Rational](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Application+Delivery+Intelligence&fixids=ADI_1.0.1_1.0.2_security_windows_fp1&source=SAR&function=fixId&parent=ibm/Rational>)
   **Linux:**
   [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Application+Delivery+Intelligence&fixids=ADI_1.0.1_1.0.2_security_linux_fp1&source=SAR&function=fixId&parent=ibm/Rational](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Application+Delivery+Intelligence&fixids=ADI_1.0.1_1.0.2_security_linux_fp1&source=SAR&function=fixId&parent=ibm/Rational>)

4. Navigate to the unzipped-archive/adi/server directory, open server.startup script using preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set:

   **Windows:**
   Modify the line numbered 125 (where HEALTHCENTER_OPTS parameter located) by adding a new healthcenter option:
   `-Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub`

   Before modification:
   `set HEALTHCENTER_OPTS=-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972`
   After modification:
   `set HEALTHCENTER_OPTS=-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972 -Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub`

   **Linux:**
   Modify the line numbered 157 (where HEALTHCENTER_OPTS parameter located) by adding a new healthcenter option:
   `-Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub`

   Before modification:
   `export HEALTHCENTER_OPTS="-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972"`
   After modification:
   `export HEALTHCENTER_OPTS="-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972 -Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub"`

   Note, if the line numbers are not exactly matched, search parameter `-Dcom.ibm.java.diagnostics.healthcenter.agent` in server.startup script to find the line containing the health center parameter.

5. Start the server. Navigate to the unzipped-archive/adi/server directory and run this script: server.startup

**Bulletin record:** [Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, and v1.0.2. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)](<https://www.ibm.com/support/pages/node/293777>), published 2018-08-03T04:23:43, modified 2018-08-03T04:23:43. CVEs: CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549. CVSS v3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:N.

## Summary

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2017.
\n\n## Vulnerability Details\n\nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \nHP fixes are on a delayed schedule. \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.2.3.2\n\n## Remediation/Fixes\n\nPlease see the IBM Java SDK Security Bulletin for WebSphere Application Server to determine which WebSphere Application Server versions are affected. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-JAN17 can be used to apply the July SDK versions in a PureApplication Environment. \n\nDownload the interim fix [1.0.0.0-WS-WASPATTERNS-JDK-JAN17. ](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-JAN17&includeRequisites=1&includeSupersedes=0>)_ _\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:07:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-15T07:07:05", "id": "E53559E7A7258D1A9CC240705ADA19663A561AFB3905A8FB3C41236DFF6DE69A", "href": "https://www.ibm.com/support/pages/node/292705", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:45:58", "description": "## Summary\n\nVulnerability in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 Service Refresh 9 Fix Pack 60 that is used by IBM Operations Analytics Predictive Insights 1.3.5. This issue was disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \n****DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Operations Analytics Predictive Insights 1.3.5 and earlier\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_IBM Operations Analytics Predictive Insights_| _1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5_| _See workaround_ \n \n## Workarounds and Mitigations\n\n_Installation Instructions_ \n\\------------------------- \nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n1\\. Download [_java-sdk-7.0.10.1_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/WebSphere/Java&release=All&platform=All&function=fixId&fixids=7.0.10.1-JavaSE-SDK-Linuxx86_6464&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) from Fix Central \n2\\. Stop the UI server used by IBM Operations Analytics Predictive Insights \n<UI_HOME>/bin/pi.sh -stop \nwhere UI_HOME is typically /opt/IBM/scanalytics/UI \n3\\. cd <UI_HOME> \n4\\. Rename the JAVA SDK installation folder \nmv ibm-java-x86_64-70 ibm-java-x86_64-70_orig \n5\\. Untar ibm-java-sdk-7.0-10.1-linux-x86_64.tgz into the <UI_HOME> folder (this will create a new ibm-java-x86_64-70 folder in <UI_HOME>) \n6\\. Start the UI server \n<UI_HOME>/bin/pi.sh -start \n \n_Remove Update Instructions_ \n\\------------------------------- \nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n1\\. Stop the UI server used by IBM Operations Analytics Predictive Insights \n<UI_HOME>/bin/pi.sh -stop \nwhere UI_HOME is typically /opt/IBM/scanalytics/UI \n3\\. cd <UI_HOME> \n4\\. 
mv ibm-java-x86_64-70 ibm-java-x86_64-70_iFix \n5\\. Replace the JAVA SDK installation folder with the original \nmv ibm-java-x86_64-70_orig ibm-java-x86_64-70 \n6\\. Start the UI server \n<UI_HOME>/bin/pi.sh -start\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:37:09", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java SDK affects IBM Operations Analytics Predictive Insights (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T15:37:09", "id": "5429E38F465E299C92AC7DD86F130BA87C6D67982845432134DB7C6219AD5893", "href": "https://www.ibm.com/support/pages/node/293471", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 that is used by Financial Transaction Manager (FTM) for Corporate Payment Services. 
These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n\\- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3, v2.1.1.4\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nFTM for Corporate Payment Services| 2.1.1.0, \n2.1.1.1, \n2.1.1.2, \n2.1.1.3, \n2.1.1.4| PI78968| Apply [2.1.1-FTM-CPS-MP-fp0005](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=2.1.1-FTM-CPS-MP-fp0005&includeSupersedes=0&source=fc>) or later \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T20:09:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for Corporate Payment Services", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T20:09:16", "id": "D10BDEF686E7C5314CE467BADB66FF3B6869A323887E4C37D29EEBDADD0D5E07", "href": "https://www.ibm.com/support/pages/node/557979", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7, which is used by Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n\\- FTM for ACH Services v3.0.0.0 - 3.0.0.15, v3.0.1.0, v3.0.2.0 - 3.0.2.1, v3.0.3.0 \n\n\\- FTM for Check Services v3.0.0.0 - 3.0.0.15, v3.0.1.0, v3.0.2.0 - 3.0.2.1, v3.0.3.0\n\n\\- FTM for CPS v3.0.0.0 - 3.0.0.15, v3.0.1.0, v3.0.2.0 - 3.0.2.1, v3.0.3.0\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.0.0 through 3.0.0.15| PI78960| Apply [3.0.0.15-FTM-ACH-MP-iFix0009](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0.15-FTM-ACH-MP-iFix0009&includeSupersedes=0>) or later. 
\nFTM for Check Services| 3.0.0.0 through 3.0.0.15| PI78960| Apply [3.0.0.15-FTM-Check-MP-iFix0009](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0.15-FTM-Check-MP-iFix0009&includeSupersedes=0>) or later. \nFTM for CPS| 3.0.0.0 through 3.0.0.15| PI78960| Apply [3.0.0.15-FTM-CPS-MP-iFix0009](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0.15-FTM-CPS-MP-iFix0009&includeSupersedes=0>) or later. \n \n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.1.0| PI78960| Apply [3.0.1.0-FTM-ACH-MP-iFix0008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-ACH-MP-iFix0008&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.1.0| PI78960| Apply [3.0.1.0-FTM-Check-MP-iFix0008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-Check-MP-iFix0008&includeSupersedes=0>) or later. \nFTM for CPS| 3.0.1.0| PI78960| Apply [3.0.1.0-FTM-CPS-MP-iFix0008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.1.0-FTM-CPS-MP-iFix0008&includeSupersedes=0>) or later. 
\n \n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.2.0 through 3.0.2.1| PI78960| Apply [3.0.2.1-FTM-ACH-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-ACH-MP-iFix0002&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.2.0 through 3.0.2.1| PI78960| Apply [3.0.2.1-FTM-Check-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-Check-MP-iFix0002&includeSupersedes=0>) or later. \nFTM for CPS| 3.0.2.0 through 3.0.2.1| PI78960| Apply [3.0.2.1-FTM-CPS-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-CPS-MP-iFix0002&includeSupersedes=0>) or later. \n \n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.3.0| PI78960| Apply [3.0.3.0-FTM-ACH-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.3.0-FTM-ACH-MP-iFix0002&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.3.0| PI78960| Apply [3.0.3.0-FTM-Check-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.3.0-FTM-Check-MP-iFix0002&includeSupersedes=0>) or later. 
\nFTM for CPS| 3.0.3.0| PI78960| Apply [3.0.3.0-FTM-CPS-MP-iFix0002](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.3.0-FTM-CPS-MP-iFix0002&includeSupersedes=0>) or later. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T20:09:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T20:09:16", "id": "D3A0DA62A5170AD945AF0956BCB67E86AAF4FEC9192BF04A798E566206BA1BC3", "href": "https://www.ibm.com/support/pages/node/557973", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:44:35", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component 
of IBM Intelligent Operations Center and related products. Oracle released the January 2017 critical patch updates that contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM WebSphere Application Server.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM Intelligent Operations Center V5.1| IBM WebSphere Application Server V7.0 \nIBM Intelligent Operations Center V1.5, V1.6 \nIBM Intelligent Operations Center for Emergency Management V5.1 \nIBM Intelligent Operations Center for Emergency Management V1.6 \nIBM Intelligent Operations for Water V1.0, V1.5, V1.6 \nIBM Intelligent Operations for Transportation V1.0, V1.5, V1.6 \nIBM Intelligent City Planning and Operations V1.5, V1.6 \n \n## Remediation/Fixes\n\nConsult the security bulletin, [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2017 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21998379>), for information about fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK have been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (January 2017 CPU)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2022-08-19T21:04:31", "id": "85D99759D6DDD213709202E4F55212241CF73C31554DD57FB2F87409A7B0DFE1", "href": "https://www.ibm.com/support/pages/node/294009", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:44:36", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM License Metric Tool v9 \n\nIBM BigFix Inventory v9\n\n## Remediation/Fixes\n\nUpgrade to version 9.2.7 or later using the following procedure: \n\n * In IBM Endpoint Manager console, expand **IBM BigFix Inventory **or** IBM License Reporting (ILMT)** node under **Sites** node in the tree panel.\n * Click **Fixlets and Tasks** node. 
**Fixlets and Tasks** panel will be displayed on the right.\n * In the **Fixlets and Tasks** panel locate _Upgrade to the newest version of IBM BigFix Inventory 9.x _or _Upgrade to the newest version IBM License Metric Tool 9.x_ fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2022-08-19T21:04:31", "id": "FB60760FFBC4C1641885367A133FC454DC2E0574DCD44CF7D9CE310281E34594", "href": "https://www.ibm.com/support/pages/node/293751", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:45:01", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Integrated Information Core. 
Oracle released the January 2017 critical patch updates that contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM WebSphere Application Server.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Integrated Information Core V1.5, V1.5.0.1 and V1.5.0.2| IBM WebSphere Application Server V7.0 \n \n## Remediation/Fixes\n\nConsult the security bulletin, [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2017 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21998379>), for information about fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T22:28:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK have been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (January 2017 CPU)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T22:28:40", "id": "AAF2444D3693DEED732DDA3749D3E19CD9BC8EC4BAA8F06BE89546470C973EEB", "href": "https://www.ibm.com/support/pages/node/291383", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:44:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli System Automation for Multiplatforms 4.1.0.0 \u2013 4.1.0.3 \nIBM Tivoli System Automation for Multiplatforms 3.2.2.9\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on 'Download link' in the table below. \n \n* If you are running IBM Tivoli System Automation for Multiplatforms 4.1, please apply interim fix \u201c4.1.0.3-TIV-ITSAMP-<OS>-IF0001\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1. \n* If you are running IBM Tivoli System Automation for Multiplatforms 3.2.2, please first upgrade to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.9. Then apply interim fix \u201c3.2.2.9-TIV-ITSAMP-<OS>-IF0002\u201d where <OS> represents the operating system for which you want to install the fix of this product version. Please note that this interim fix can not be applied to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.8 or lower. \n* If you are running IBM Tivoli System Automation for Multiplatforms 3.2.1 or IBM Tivoli System Automation for Multiplatforms 3.2.0, then please contact IBM support. 
\n \n\n\n_Product_| _VRMF_| _APAR_ \n---|---|--- \nIBM Tivoli System Automation for Multiplatforms| 4.1 and 3.2.2| [Download link](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:39:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T15:39:25", "id": "2738301572CC0670AAB7ACA2C963C38B5B1394CC42119918238395FE970B332F", "href": "https://www.ibm.com/support/pages/node/559171", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:46:53", "description": "## Summary\n\nSecurity vulnerabilities have been 
identified in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by Watson Explorer Content Analytics Studio.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities apply to the following product and version: \n\n * Watson Explorer Content Analytics Studio version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2.\n\n## Remediation/Fixes\n\nFollow these steps to upgrade to the required version of IBM Java Runtime. \n\nThe table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support Fix Central site at <http://www.ibm.com/support/fixcentral/>.\n\n \n \n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \n---|---|---|--- \nIBM Watson Explorer Content Analytics Studio| 11.0 - 11.0.0.3, \n11.0.1| JVM 8 SR4 FP1 or later| Upgrade to Version 11.0.2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042893>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \nIBM Watson Explorer Content Analytics Studio| 11.0.2| JVM 8 SR4 FP1 or later| \n\n 1. Download the IBM Java Runtime, Version 8 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.0&platform=All&function=all>): interim fix \n**11.0.2.0-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR4FP1** or later. \nFor example, 11.0.2.0-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR4FP5, which includes 64-bit version of IBM Java Runtime.\n 2. 
To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg22003954>). \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T13:09:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect Watson Explorer Content Analytics Studio (CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T13:09:05", "id": "2D1FE18DD0824F907F15EE3F25290AD46DBAB033270BCAD24610F562DB73F515", "href": "https://www.ibm.com/support/pages/node/561453", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:45", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n * IBM Rational ClearQuest, versions 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1 and 9.0 in the following components: \n\n\n * ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.\n * ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. If you do not use the ClearQuest Eclipse client in this way, then you are not affected.\n\n**ClearQuest version**\n\n| \n\n**Status** \n \n---|--- \n \n9.0.1, 9.0.1.1\n\n| \n\nNot Affected \n \n9.0 through 9.0.0.4\n\n| \n\nAffected \n \n8.0.1 through 8.0.1.14\n\n| \n\nAffected \n \n8.0 through 8.0.0.21\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.19 (all fix packs)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS). \n \n**ClearQuest Web/CQ OSLC Server/CM Server Component** \n\n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. 
Review the following WAS security bulletin: \n \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21998379>) \n \nand apply the latest available fix for the version of WAS used for CM server.\n \n**Note:** there may be newer security fixes for WebSphere Application Server. Follow the link below (in the section \"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-04T16:40:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2020-02-04T16:40:40", "id": "D3C39AB5E44022CE078484BB00E5E494D63631603BBCE0882D9082C2ED377CFC", "href": "https://www.ibm.com/support/pages/node/559987", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:41:30", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software. These issues were disclosed as part of the IBM Java SDK updates in January 2017 and October 2016.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n**Product Name**\n\n| **Versions Affected** \n---|--- \nRational Developer for Power Systems Software| 8.5, 8.5.1 \nRational Developer for i| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.5, 9.5.0.1, 9.5.0.2, 9.5.0.3, 9.5.1, 9.5.1.1 \nRational Developer for AIX and Linux, AIX COBOL Edition| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.1.1.2, 9.1.1.3, 9.1.1.4 \nRational Developer for AIX and Linux, C/C++ Edition| 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.1.1.2, 9.1.1.3, 9.1.1.4 \n \n## Remediation/Fixes\n\nUpdate the IBM SDK, Java Technology Edition of the product to address this vulnerability: \n\n**Product**\n\n| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Developer for Power Systems Software| 8.5 through 8.5.1| \n\n * For all versions, apply interim fix: [_8.5-Rational-RDP-IFix-IBMJDK7SR10FP1 - January 2017 - RD Power_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+Power+Systems+Software&release=8.5.0.0&platform=Windows&function=fixId&fixids=8.5-Rational-RDP-IFix-IBMJDK7SR10FP1&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \nRational Developer for i| 9.0 through to 9.1| \n\n * For all versions, update the currently installed product using Installation Manager. ** **For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.1.1/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. 
\n * Or, you can optionally download the update manually and apply interim fix: [_Rational-RDI-IFix-IBMJDK7SR10FP1 - January 2017 - RDi_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+i&release=All&platform=All&function=fixId&fixids=Rational-RDI-IFix-IBMJDK7SR10FP1&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) and interim fix: [_Rational-RDI-IFix-JavaProfiler-v90andv91-201704_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+i&release=All&platform=All&function=fixId&fixids=Rational-RDI-IFix-JavaProfiler-v90andv91-201704&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \nRational Developer for i| 9.5| \n\n * For all versions, update the currently installed product using Installation Manager. ** **For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.1.1/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. 
\n * Or, you can optionally download the update manually and apply fix pack: [_9.5.1.2-Rational-RDI-fp_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+i&release=All&platform=All&function=fixId&fixids=9.5.1.2-Rational-RDI-fp&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \nand interim fix: [_Rational-RDI-IFix-JavaProfiler-v95-201704_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+i&release=All&platform=All&function=fixId&fixids=Rational-RDI-IFix-JavaProfiler-v95-201704&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \nRational Developer for AIX and Linux| 9.0 through to 9.1| \n\n * For all client versions, update the currently installed product using Installation Manager. For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSPSQF_9.1.1/com.ibm.etools.install.rdal.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. 
\n * Or, you can optionally download and manually apply interim fix: [_Rational-RDAIXLINUX-IFix-IBMJDK7SR10FP1 - Januay 2017 - RDAL_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+AIX+and+Linux&release=All&platform=All&function=fixId&fixids=Rational-RDAIXLINUX-IFix-IBMJDK7SR10FP1&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) and interim fix: [_Rational-RDAIXLINUX-IFix-JavaProfiler-v90andv91-201704_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Developer+for+AIX+and+Linux&release=All&platform=All&function=fixId&fixids=Rational-RDAIXLINUX-IFix-JavaProfiler-v90andv91-201704&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n \nWhen running Java JVMTI execution analysis profiling, with Java 7 or 8 JDK (that is released after January 2017), you might get a Java VerifyError exception in JNI, which causes no execution analysis profiling data to display. 
To resolve this, apply the following fix: <http://www-01.ibm.com/support/docview.wss?uid=swg22001889>\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-08-03T04:23:43", "id": "8A2ACA257AB4B3D6F4C249E6C3067F3C8969F51AAE07BF57858F8E906EF7F475", "href": "https://www.ibm.com/support/pages/node/560439", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:53:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by Optim Masking on Demand. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \u201cIBM Java SDK Security Bulletin\u201d, located in the References section for more information. \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe IBM InfoSphere Optim Masking On Demand Data Privacy Application versions 9.1 and 11.3 running on Windows and Red Hat are affected.\n\n## Remediation/Fixes\n\nFor the 11.3 release, fix pack 4 (11.3.0.4) is required before installing iFix 13. \n\nFor the 9.1 release, fix pack 6 (9.1.0.6) is required before installing iFix 12.\n\n**_Product_**| **_VRMF_**| **_iFix_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM InfoSphere Optim Masking On Demand| 11.3| 13| \\- Apply [IBM InfoSphere Optim Masking On Demand 11.3.0.4](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim&release=11.3.0&platform=All&function=fixId&fixids=Optim-MOD-11.03.00-FP04&includeSupersedes=0&source=fc>) \n\\- Apply [IBM InfoSphere Optim Masking On Demand 11.3 iFix 13](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim&release=11.3.0&platform=All&function=fixId&fixids=OMOD-11.03.00-013&includeSupersedes=0&source=fc>) \nIBM InfoSphere Optim Masking On Demand| 9.1| 12| \\- Apply [IBM InfoSphere Optim Masking On Demand 9.1.0.6](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim&release=ODMS.2.2.0&platform=All&function=all&source=fc>) \n\\- Apply[ IBM InfoSphere Optim Masking On Demand 9.1 iFix 
12](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Optim&release=ODMS.2.2.0&platform=All&function=fixId&fixids=OMOD-09.01.00-012&includeSupersedes=0&source=fc>) \n \nYou can install the OMOD patches for Optim Data Privacy Application (a.k.a. ModApp) using one of two methods: \n\n\n 1. Using the OMOD iFix that is found on FixCentral.\n 2. Follow the instructions in [this Technote](<http://www-01.ibm.com/support/docview.wss?uid=swg21997922>) to use IBM Installation Manager to directly download the iFix from IBM and apply it. **This method requires an external internet connection on the host machine containing Installation Manager and the Optim Data Privacy Application.**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-08T20:36:58", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilites in IBM Java Runtime Affect IBM InfoSphere Optim Masking On Demand", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", 
"CVE-2016-5548", "CVE-2016-5549"], "modified": "2021-07-08T20:36:58", "id": "D24802352877517E1A734910AA5B470C280E95428999292362B5DB5785262ED7", "href": "https://www.ibm.com/support/pages/node/560675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:51:54", "description": "## Summary\n\nData server connection and product integration are shipped as a component of InfoSphere Optim Query Workload Tuner [for LUW, z/OS]. Information about security vulnerabilities affecting data server connection and product integration have been published in a security bulletin.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW 4.1.2 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS 4.1.2 and earlier\n\n## Remediation/Fixes\n\nEach affected product and version requires the upgrade of the IBM SDK, Java Technology Edition that is installed with the client. Install one of the following IBM Java SDK versions: \n\n * IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 Fix Pack 1 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 1 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 41 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 41 and subsequent releases \n**Product**| **Version**| **IBM SDK** \n---|---|--- \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW \n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS\n\n| 3.1.0, 3.1.1| Replace JRE ([latest JRE V6](<http://g01zciwas018.ahe.pok.ibm.com/support/dcf/preview.wss?host=g01zcidbs003.ahe.pok.ibm.com&db=support/swg/dmgtech.nsf&unid=038842E883DFBFE0002580E60025FBA2&taxOC=SS7L9Q&MD=2017/03/17%2015:03:38&sid=>)) \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW \n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS\n\n| 3.2, 4.1.0, 4.1.0.1, 4.1.1| Replace JRE ([latest JRE 
V7](<http://g01zciwas018.ahe.pok.ibm.com/support/dcf/preview.wss?host=g01zcidbs003.ahe.pok.ibm.com&db=support/swg/dmgtech.nsf&unid=038842E883DFBFE0002580E60025FBA2&taxOC=SS7L9Q&MD=2017/03/17%2015:03:38&sid=>)) \n \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW \n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS\n\n| 4.1.2| Replace JRE ([latest JRE V8](<http://g01zciwas018.ahe.pok.ibm.com/support/dcf/preview.wss?host=g01zcidbs003.ahe.pok.ibm.com&db=support/swg/dmgtech.nsf&unid=038842E883DFBFE0002580E60025FBA2&taxOC=SS7L9Q&MD=2017/03/17%2015:03:38&sid=>)) \n \n * Detailed instructions are provided in the tech-note \"[**Updating the IBM SDK, Java\u2122 Technology Edition for InfoSphere Optim Query Workload Tuner [for LUW, z/OS] Products**](<http://g01zciwas018.ahe.pok.ibm.com/support/dcf/preview.wss?host=g01zcidbs003.ahe.pok.ibm.com&db=support/swg/dmgtech.nsf&unid=038842E883DFBFE0002580E60025FBA2&taxOC=SS7L9Q&MD=2017/03/17%2015:03:38&sid=>)\" \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:07", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS] (CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T13:47:07", "id": "B93B1ED022809B9A00E51D3D9FF14D51097C6F07EC178C4396907981684D8768", "href": "https://www.ibm.com/support/pages/node/294665", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:32", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that affects Algo Risk Application and Core. These vulnerabilities were disclosed as part of the IBM Java SDK updates in January 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n * Algo One Core 4.9.0\n * Algo One Core 5.0.0\n * Algo One Core 5.1.0\n * Algo One Algo Risk Application 4.9.1.0\n * Algo One Algo Risk Application 4.9.1.1\n * Algo One Algo Risk Application 5.0.0\n * Algo One Algo Risk Application 5.1.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nAlgo One ARA| 5.1.0.0-5| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.1-5-Algo-One-ARA-if0186:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.1-5-Algo-One-ARA-if0186:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One ARA| 5.0.0.6-18| 
[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-18-Algo-One-ARA-if0355:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-18-Algo-One-ARA-if0355:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One ARA| 4.9.1.1-23| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-23-Algo-One-ARA-if0050:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-23-Algo-One-ARA-if0050:0&includeSupersedes=0&source=fc&login=true>) | \n| \n \n---|--- \nAlgo One ARA| 4.9.1.0-18| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-18-Algo-One-ARA-if0051:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-18-Algo-One-ARA-if0051:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core| 510-192| 
[_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-1-Algo-One-AlgoCore-if0192:0&includeSupersedes=0&source=fc&login=true_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-1-Algo-One-AlgoCore-if0192:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core| 500-362| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-1-Algo-One-AlgoCore-if0362:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-1-Algo-One-AlgoCore-if0362:0&includeSupersedes=0&source=fc&login=true>) \nAlgo One Core| 490-226| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-1-Algo-One-AlgoCore-if0226:0&includeSupersedes=0&source=fc&login=true](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.0.0-1-Algo-One-AlgoCore-if0226:0&includeSupersedes=0&source=fc&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T22:49:25", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One - Algo Risk Application and Core (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-15T22:49:25", "id": "56F2525873CB26E2DB226CC8119EE30731A25D91BAA62D20D78A2A86FFDEB7F2", "href": "https://www.ibm.com/support/pages/node/294949", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:40:45", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and IBM\u00ae Runtime Environment Java\u2122 Version 7 used by TPF Toolkit. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

TPF Toolkit 4.0.x, and 4.2.x

## Remediation/Fixes

**Product**| **VRMF**| **APAR**| **Remediation/First Fix**
---|---|---|---
TPF Toolkit| 4.2.x| JR57522| 1. Install the latest version of IBM Installation Manager. 2. Apply Interim Fix 4.2.10 by using IBM Installation Manager. 3. Update the Java installation on your z/OS or Linux on z Systems (or both) systems that the TPF Toolkit connects to. Download the latest version of Java from [_http://www.ibm.com/developerworks/java/jdk/_](<http://www.ibm.com/developerworks/java/jdk/>)
TPF Toolkit| 4.0.x| JR57523| 1. Install the latest version of IBM Installation Manager. 2. Apply Interim Fix 4.0.12 by using IBM Installation Manager. 3. Update the Java installation on your z/OS or Linux on z Systems (or both) systems that the TPF Toolkit connects to. Download the latest version of Java from [_http://www.ibm.com/developerworks/java/jdk/_](<http://www.ibm.com/developerworks/java/jdk/>)

## Workarounds and Mitigations

None

**Bulletin title:** Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit
**Source:** <https://www.ibm.com/support/pages/node/293003>
**Published:** 2018-08-03T04:23:43
**Modified:** 2018-08-03T04:23:43
**CVSS v3.1:** 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVSS v2:** 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ that are used by IBM Workload Scheduler.
These issues were disclosed as part of the IBM Java SDK updates in January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

## Affected Products and Versions

IBM Workload Scheduler is potentially impacted by the listed vulnerabilities since they potentially affect secure communications between eWAS and subcomponents.

The affected version is:
Tivoli Workload Scheduler Distributed 8.6.0
Tivoli Dynamic Workload Console 8.6.0

## Remediation/Fixes

IBM has provided patches for all embedded WebSphere versions.

Follow the instructions in the links below to install the fixes for eWAS 7.0.0.39 that is embedded in TWS 8.6 fixpack 04:

<https://www-01.ibm.com/support/docview.wss?uid=swg21990060>

<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>

The fixes can be applied on top of TWS version 8.6 only after TWS 8.6 fixpack 04 has been installed.

_For unsupported versions, releases or platforms IBM recommends upgrading to a fixed, supported version/release/platform of the product._

## Workarounds and Mitigations

See <https://www-01.ibm.com/support/docview.wss?uid=swg21990060> and <http://www-01.ibm.com/support/docview.wss?uid=swg21998379>

**Bulletin title:** Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Workload Manager
**Source:** <https://www.ibm.com/support/pages/node/297415>
**Published:** 2018-06-17T15:46:23
**Modified:** 2018-06-17T15:46:23
**CVSS v3.1:** 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVSS v2:** 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

## Summary

All applicable CVEs from Oracle's January 2017 CPU

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

 * IBM QRadar SIEM 7.2.0 - 7.2.8 Patch 6
 * IBM QRadar SIEM 7.3.0

## Remediation/Fixes

 * [_IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 7_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20170530170730&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)
 * [_IBM QRadar/QRM/QVM 7.3.0 Patch 1_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.0-QRADAR-QRFULL-20170503143306&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)

## Workarounds and Mitigations

None

**Bulletin title:** Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to multiple CVE's.
**Source:** <https://www.ibm.com/support/pages/node/563089>
**Published:** 2018-06-16T22:01:04
**Modified:** 2018-06-16T22:01:04
**CVSS v3.1:** 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVSS v2:** 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

## Summary

There are vulnerabilities in IBM® SDK Java™ Technology Edition to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183) could make the system susceptible to integrity and confidentiality impacts, and make it susceptible to a man-in-the-middle attack or a denial of service attack

## Vulnerability Details

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840

**Summary**
There are vulnerabilities in IBM® SDK Java™ Technology Edition to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities (CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183) could make the system susceptible to integrity and confidentiality impacts, and make it susceptible to a man-in-the-middle attack or a denial of service attack.

**Vulnerability Details**
**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

Storage Node machine type and models (MTMs) affected: 9840-AE1 and 9843-AE1
Controller Node MTMs affected: 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1

Supported storage node code versions which are affected

 * VRMFs prior to 1.3.0.9
 * VRMFs prior to 1.4.7.0

Supported controller node code versions which are affected

 * VRMFs prior to 7.7.1.6
 * VRMFs prior to 7.8.1.1

## Remediation/Fixes

_MTMs_| _VRMF_| _APAR_| _Remediation/First Fix_
---|---|---|---
**Storage nodes:** 9846-AE1 & 9848-AE1; **Controller nodes:** 9846-AC0, 9846-AC1, 9848-AC0, & 9848-AC1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:_ _Fixed Code VRMF_ 1.4 stream: 1.4.7.0; 1.3 stream: 1.3.0.9. _Controller Node VRMF_ 8.1 stream: 8.1.0.0; 7.8 stream: 7.8.1.1; 7.7 stream: 7.7.1.6| _N/A_| [**_FlashSystem V840 fixes_**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all>) for storage and controller node are available @ IBM’s Fix Central

## Workarounds and Mitigations

None

**Bulletin title:** Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition affects the IBM FlashSystem model V840
**Source:** <https://www.ibm.com/support/pages/node/650117>
**Published:** 2018-06-18T00:46:16
**Modified:** 2018-06-18T00:46:16
**CVSS v3.1:** 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVSS v2:** 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

## Summary

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 8.7, 9.1, 11.3 and 11.5 \nIBM InfoSphere Information Server on Cloud: version 11.5\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR57473_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57473>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR57473_ISF_services_engine_*>) \nInfoSphere Information Server| 11.3| [_JR57473_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57473>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR57473_ISF_services_engine_*>) \nInfoSphere Information Server| 9.1| [_JR57473_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57473>)| \\--Apply [_JR57473 _](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR57473_ISF_services_engine*>)on all tiers \nInfoSphere Information Server| 8.7| [_JR57473_](<http://www.ibm.com/support/docview.wss?uid=swg1JR57473>)| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply 
[_JR57473_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR57473_ISF_services_engine*>) on all tiers \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T13:47:54", "id": "6C7AB1012C7AEA493F61B3F3AE6FBBA52E283C9CF0A9AF85B280B9CA9D04A3EC", "href": "https://www.ibm.com/support/pages/node/559431", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:46:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 that is used by IBM Tivoli Netcool Configuration Manager (ITNCM). 
These issues were disclosed as part of the Java SE issues disclosed in the Oracle January 2017 Critical Patch Update. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the IBM Java SDK Security Bulletin, located in the References section for more information. \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nThe following releases are affected: \n \nITNCM 6.4.2.0 - 6.4.2.3 \nITNCM 6.4.1.0 - 6.4.1.4\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nITNCM| 6.4.2.3| none| Install: [6.4.2.3-TIV-ITNCM-IF001](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=All&platform=All&function=fixId&fixids=6.4.2.3-TIV-ITNCM-IF001&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \nITNCM| 6.4.1.4| none| Install: [6.4.1.4-TIV-ITNCM-IF004](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=All&platform=All&function=fixId&fixids=6.4.1.4-TIV-ITNCM-IF004&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:36:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition, affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5549) (CVE-2016-5548) (CVE-2016-5547) (CVE-2016-5546)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T15:36:16", "id": "817FAC9CA9C88D8423B21DFBA93857C752C9806FAFA0DA80E447C913E94C1D9E", "href": "https://www.ibm.com/support/pages/node/292673", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:53:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, 7.0, 7.1, and 8.0 used by IBM SPSS Statistics Version 21, 22, 23, and 24. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SPSS Statistics 21.0.0.2 \n\nIBM SPSS Statistics 22.0.0.2\n\nIBM SPSS Statistics 23.0.0.3\n\nIBM SPSS Statistics 24.0.0.1\n\nIBM SPSS Statistics 24.0.0.2 for Mac\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation/First Fix** \n \n---|---|---|--- \nIBM SPSS Statistics| 21.0.0.2| None| Install [_Statistics 21 FP002 IF013_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=21.0.0.2&platform=All&function=all>) \nIBM SPSS Statistics| 22.0.0.2| None| Install [_Statistics 22 FP002 IF014_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=22.0.0.2&platform=All&function=all>) \nIBM SPSS Statistics| 23.0.0.3| None| Install [_Statistics 23 FP003 IF007_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=23.0.0.3&platform=All&function=all>) \nIBM SPSS Statistics for Windows, Linux, and Aix| 24.0.0.1| None| Upgrade to [_24 FixPack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043574>) \nIBM SPSS Statistics for Mac| 24.0.0.1| None| Upgrade to [_24 FixPack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043574>) \nInstall [_Statistics 24 FP002 
IF001_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=24.0.0.2&platform=All&function=all>) \nIBM SPSS Statistics for Mac| 24.0.0.2| None| Install [_Statistics 24 FP002 IF001_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Statistics&release=24.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:48:00", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics (CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T13:48:00", "id": "E5C69EFA39FF2FD80727237799E8EF29673581727BBDABA07DD43A19654119E1", "href": "https://www.ibm.com/support/pages/node/560091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:40:31", "description": "## 
Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that are used by IBM Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Enterprise Content Management System Monitor v5.1.0 - v5.1.0.3 \nIBM Enterprise Content Management System Monitor v5.2.0 - v5.2.0.4\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Remediation** \n---|---|--- \nIBM Enterprise Content Management System Monitor| 5.1.0 - 5.1.0.3| Use IBM Enterprise Content Management System Monitor v5.1.0.3 interim fix 11 [ECM_SM-5.1.0-003-011](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.1.0.3&platform=All&function=all>) \nIBM Enterprise Content Management System Monitor| 5.2.0 - 5.2.0.4| Use IBM Enterprise Content Management System Monitor v5.2.0 fix pack 5 [ECM_SM__Server-5.2.0-005](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.1.0.3&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-30T07:48:35", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Enterprise Content Management System Monitor", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2019-08-30T07:48:35", "id": "95E18FF4914E6E4BE83A08A1ADAAFFA1524A8C188C1A59D88BB56AB9C9ED9228", "href": "https://www.ibm.com/support/pages/node/559129", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:51", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.7 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.0 and 3.1.1\n\n## Remediation/Fixes\n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: \n \n**For SiteProtector 3.0:** \n \n\n\nSiteProtector Core Component\n\n| \n\nServicePack3_0_0_15.xpu \n \n---|--- \n \nSiteProtector Agent Manager\n\n| \n\nAgentManager_WINNT_XXX_ST_3_0_0_79.xpu \n \nSiteProtector Event Collector\n\n| \n\nRSEvntCol_WINNT_XXX_ST_3_0_0_12.xpu \n \n \n \n**For SiteProtector 3.1.1:** \n \n\n\nSiteProtector Core Component\n\n| \n\nServicePack3_1_1_11.xpu \n \n---|--- \n \nAlternatively, the packages can be manually obtained from the IBM Security License Key and Download Center using the following URL: \n<https://ibmss.flexnetoperations.com/service/ibms/login>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:51:09", "type": "ibm", "title": "Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2018-06-16T21:51:09", "id": "C882C89B2B2EF702D5D615B6FB118F677DBF78B75B3C65EF291DF714D0BA3FE0", "href": "https://www.ibm.com/support/pages/node/294633", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 Service Refresh 9 Fix Pack 50 that is used by IBM B2B Advanced Communications. This issue was disclosed as part of the IBM Java SDK updates in January 2017 \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1 \n\nIBM B2B Advanced Communications 1.0.0.2 - 1.0.0.5_2\n\n## Remediation/Fixes\n\n**_Fix*_**\n\n| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \niFix 1.0.0.5_3| 1.0.0.5| IBM Fix Central > [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[B2B_Advanced_Communications_V1.0.0.5_3_iFix_Media](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.5&platform=All&function=all>) \n \n## ", "cvss3": {"exploitabilityScore": 
3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T20:09:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-16T20:09:34", "id": "BD43DD1867AC2917BC9CDC37222E975203BCC23E7C7CF119168DA166A717B0C9", "href": "https://www.ibm.com/support/pages/node/559461", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:52:16", "description": "## Summary\n\nThere are vulnerabilities addressed in IBM WAS, IBM Runtime Environment Java\u2122 Technology Edition, and OpenSSL that are used by ISD Storage Control. The Java issues were disclosed as part of the IBM Java updates for January 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n**CVEID:** [_CVE-2016-8919_](<https://vulners.com/cve/CVE-2016-8919>) \n**DESCRIPTION:** IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118529_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118529>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nFrom the IBM Systems Director command line enter **smcli lsver** to determine the level of IBM Systems Director installed. \n\n**Affected Product and Version(s)**| **Product and Version shipped as a component** \n---|--- \nIBM System Director Storage Control 4.2.6| IBM Systems Director 6.3.5 \nIBM System Director Storage Control 4.2.7| IBM Systems Director 6.3.6 \nIBM System Director Storage Control 4.2.8| IBM Systems Director 6.3.7 \n \n## Remediation/Fixes\n\nTo resolve this issue follow the instructions in the table below. \n\n**Affected Product and Version(s)**| **Remediation Instructions** \n---|--- \nIBM System Director Storage Control 4.2.6| Technote [**812452926**](<http://www-01.ibm.com/support/docview.wss?uid=nas7048b55bc567477a3862580f90053c118>) in the [**Support Portal**](<https://www-947.ibm.com/support/entry/portal/support/>) \nIBM System Director Storage Control 4.2.7| Technote [**812452926**](<http://www-01.ibm.com/support/docview.wss?uid=nas7048b55bc567477a3862580f90053c118>) in the [**Support Portal**](<https://www-947.ibm.com/support/entry/portal/support/>) \nIBM System Director Storage Control 4.2.8| Technote [**812452926**](<http://www-01.ibm.com/support/docview.wss?uid=nas7048b55bc567477a3862580f90053c118>) in the [**Support Portal**](<https://www-947.ibm.com/support/entry/portal/support/>) \n \nIBM Systems Director Storage Control versions pre-4.2.6 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:35:36", "type": "ibm", "title": "Security Bulletin: IBM Systems Director (ISD) Storage Control is affected by vulnerabilities in IBM Websphere Application Server (WAS), OpenSSL and IBM Java Runtime.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-8919"], "modified": "2018-06-18T01:35:36", "id": "69A6EA281AC4328BC81447DEAF94CFCF026681260E4F53E94DBA50F99D58DCC7", "href": "https://www.ibm.com/support/pages/node/630947", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T21:41:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by the Elastic Storage Server and the GPFS Storage Server. 
These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe Elastic Storage Server 5.0 \n\nThe Elastic Storage Server 4.5.0 - 4.5.1 \n\nThe Elastic Storage Server 4.0.0 - 4.0.6\n\nThe Elastic Storage Server 3.5.0 - 3.5.6\n\nThe Elastic Storage Server 3.0.0 - 3.0.5\n\nThe Elastic Storage Server 2.5.0 - 2.5.5\n\nThe GPFS Storage Server 2.0.0 - 2.0.7\n\n## Remediation/Fixes\n\nFor the Elastic Storage Server 5.0, upgrade to 5.0.1 available at [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.0.0&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=5.0.0&platform=All&function=all>)\n\nFor the 
Elastic Storage Server 4.0.0 thru 4.0.6 and 4.5.0 thru 4.5.1, upgrade to 4.5.2 or 4.6 available at \n[_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.2.1&platform=All&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.2.1&platform=All&function=all>)\n\nIn all cases, see the release note for details on installation.\n\nFor the Elastic Storage Server 4.0.0 thru 4.0.6, 4.5.0 thru 4.5.1, and 5.0, if you are unable to upgrade, contact IBM Service to obtain an efix referencing APAR IV94425. \n\nFor the Elastic Storage Server 2.5.0 thru 2.5.5, 3.0.0 thru 3.0.5, and 3.5.0 thru 3.5.6, contact IBM Service to obtain an efix referencing APAR IV94424. \n\nFor the GPFS Storage Server 2.0.0 thru 2.0.7, contact IBM Service to obtain an efix referencing APAR IV94424. \n\nTo contact IBM Service, see [_http://www.ibm.com/planetwide/_](<http://www.ibm.com/planetwide/>)\n\nFor the GPFS Storage Server 2.5, contact Lenovo at [_http://shop.lenovo.com/us/en/systems/servers/high-density/gpfs-storage/_](<http://shop.lenovo.com/us/en/systems/servers/high-density/gpfs-storage/>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-08T18:46:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged the Elastic Storage Server and the GPFS Storage Server", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2021-03-08T18:46:02", "id": "A7E7A98C18A437DD59F5F1F10B7CE5B2BFBACAE3F6E564B5B4F9B2226C989CA5", "href": "https://www.ibm.com/support/pages/node/697059", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:46:17", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0.3.22 and earlier that is used by IMS\u2122 Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.0.0.0 \u2013 3.2.1.8.\n\n## Remediation/Fixes\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Download URL_** \n---|---|---|--- \n_IMS Enterprise Suite Explorer for Development V3.2_| _3.2.1.9_| _N/A_| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-01T13:05:44", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java SDK affects IMS\u2122 Enterprise Suite: Explorer for Development (CVE-2016-2183, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2022-06-01T13:05:44", "id": "059BFBBD8CB8F92E03748427F677CBE26E890BA80C56429CEEE0842DFE7AAD52", "href": "https://www.ibm.com/support/pages/node/558717", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:49:24", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Spectrum Scale. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Spectrum Scale V4.2.0 thru V4.2.2.3\n\n## Remediation/Fixes\n\nUpgrade to IBM Spectrum Scale V4.2.3 available at [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=All&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=All&platform=All&function=all>) \n \nIf you are unable to upgrade, contact IBM Service to obtain an efix referencing APAR IV94425. \n \nTo contact IBM Service, see <http://www.ibm.com/planetwide/>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-01T18:56:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-08-01T18:56:58", "id": "91FFFBDFF8AF38616F8DA8CD36721FE00787312FC0E83BAE114FEBA3E7E232B4", "href": "https://www.ibm.com/support/pages/node/697041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:51:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 used by IBM Installation Manager and IBM Packaging Utility. These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Installation Manager and IBM Packaging Utility versions 1.8.6.0 and earlier.\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM Installation Manager and IBM Packaging Utility_| _1.7.4.x_| [_IV92484_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV92484>), [_IV93009_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV93009>), [_IV93010_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV93010>)| [__1.7.4.7 IBM Installation Manager Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24043661>), [__1.7.4.7 IBM Packaging Utility Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24043660>) \n_IBM Installation Manager and IBM Packaging Utility_| _1.8.x_| [_IV92484_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV92484>), [_IV93009_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV93009>), [_IV93010_](<http://www-01.ibm.com/support/docview.wss?uid=swg1IV93010>)| [__1.8.6.1 IBM Installation Manager Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24043658>), [__1.8.6.1 IBM Packaging Utility Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24043659>) \n \n_Please note that the 1.7.4.7 fix is intended for upgrade of 1.7.4.6 and earlier versions which continue support on platforms that are NOT supported by 1.8 or later versions. 
\nUsers running 1.7.4.6 or earlier version on platforms that ARE supported by 1.8.x version, should upgrade to 1.8.6.1._ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-25T12:12:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2021-10-25T12:12:53", "id": 
"55FA67BCBAA6733CED0D492F89AF1B40789BC45C04CD857041D7C44A7C56ED1E", "href": "https://www.ibm.com/support/pages/node/560363", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:11:53", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 and 1.7 used by Rational Performance Tester. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2016-2183_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.3, 8.5, 8.6, 8.7 and 9.0.\n\n## Remediation/Fixes\n\nUpgrading to version 9.1.0.1 is strongly recommended. \n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRPT Workbench| 9.0| None| Download \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR4FP1&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR4FP1&source=SAR>) \nRPT Agent| 9.0| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR4FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR4FP1&source=SAR>) \nRPT| 8.7 - 8.7.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR>) \nRPT| 8.6 - 8.6.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR>) 
\nRPT| 8.5 - 8.5.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR>) \nRPT| 8.3 -8.3.x| None| Download[ ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java7SR10FP1&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30-Jun-2017: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n[{\"Product\":{\"code\":\"SSMMM5\",\"label\":\"IBM Rational Performance Tester\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Test Execution\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.3;8.3.0.1;8.3.0.2;8.3.0.3;8.5;8.5.0.1;8.5.0.2;8.5.1;8.5.1.1;8.5.1.2;8.5.1.3;8.6;8.6.0.1;8.6.0.2;8.7;8.7.0.1;8.7.0.2;8.7.1;8.7.1.1;9.0.0;9.0.0.1;9.0.0.2;9.0.1;9.0.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:22:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Performance Tester.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T05:22:03", "id": 
"0F66A0EBF2BB354FEE49365A0BFF63BC3375F7D75B03AEC0D3A10E90CC949472", "href": "https://www.ibm.com/support/pages/node/562245", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:50:29", "description": "## Summary\n\nThere are several Security Vulnerabilities in the Java runtime that are fixed and shipped with IBM Security Privileged Identity Manager.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager (ISPIM) 2.0.2, 2.1.0\n\n## Remediation/Fixes\n\nAffected Product versions| Fix availability \n---|--- \nISPIM 2.0.2| [2.0.2-ISS-ISPIM-VA-IF0010](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=2.0.2-ISS-ISPIM-VA-IF0010&continue=1>) \nISPIM 2.1.0| [2.1.0-ISS-ISPIM-VA-FP0003](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=2.1.0-ISS-ISPIM-VA-FP0003&continue=1>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 3.6}, "published": "2018-06-16T22:01:36", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities fixed in Java shipped as a component of IBM Security Privileged Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-16T22:01:36", "id": "BBF5FBFE519F80A6B36C8E6B6ADC28B6EFD07A34E8008B141A42401A9CE1DE28", "href": "https://www.ibm.com/support/pages/node/565583", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:48:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 and 1.7 used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nRational Service Tester versions 8.3, 8.5, 8.6, 8.7 and 9.0.\n\n## Remediation/Fixes\n\nUpgrading to version 9.1.0.1 is strongly recommended. 
\n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRST| 9.0| None| Download \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR4FP1&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR4FP1&source=SAR>) \nRST| 8.7 - 8.7.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR>) \nRST| 8.6 - 8.6.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR>) \nRST| 8.5 - 8.5.x| None| Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR>) \nRST| 8.3 -8.3.x| None| Download[ ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) 
\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java7SR10FP1&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:22:04", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Service Tester.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549"], "modified": "2018-06-17T05:22:04", "id": "0CB9447A86F4E057E6BCCE438A998B8AC6A17C94584F25C62A55D07D5D528CE3", "href": "https://www.ibm.com/support/pages/node/562247", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:59", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR9 FP60 and Version 6 SR16 
FP35 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0 \nWebSphere Cast Iron v 7.0.0.2, 7.0.0.1, 7.0.0.0 \nWebSphere Cast Iron v 6.4.0.1, 6.4.0.0 \nWebSphere Cast Iron v 6.3.0.2, 6.3.0.1, 6.3.0.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.1.0 \n7.5.0.1 \n7.5.0.0| LI79634 | [iFix 7.5.1.0-CUMUIFIX-012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.scrypt2,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.vcrypt2,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.32bit.sc-linux,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.sc-linux,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.32bit.sc-win,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.sc-win,7.5.1.0-WS-WCI-20170707-0919_H10_64-CUMUIFIX-012.docker,7.5.1.0-WS-WCI-20170707-0919_H7_64-CUMUIFIX-012.32bit.studio,7.5.1.0-WS-WCI-20170707-0919_H7_64-CUMUIFIX-012.studio&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.2 \n7.0.0.1 \n7.0.0.0| LI79634| [iFix 
7.0.0.2-CUMUIFIX-036](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.scrypt2,7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.vcrypt2,7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.32bit.sc-linux,7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.32bit.sc-win,7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.sc-linux,7.0.0.2-WS-WCI-20170714-1238_H10_64-CUMUIFIX-036.sc-win,7.0.0.2-WS-WCI-20170714-1237_H11_64-CUMUIFIX-036.32bit.studio,7.0.0.2-WS-WCI-20170714-1237_H11_64-CUMUIFIX-036.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.1 \n6.4.0.0| LI79634| [iFix 6.4.0.1-CUMUIFIX-044](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20170724-1301_H4-CUMUIFIX-044.scrypt2,6.4.0.1-WS-WCI-20170724-1301_H4-CUMUIFIX-044.vcrypt2,6.4.0.1-WS-WCI-20170724-1301_H5-CUMUIFIX-044.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.2 \n6.3.0.1 \n6.3.0.0| LI79634| [iFix 6.3.0.2-CUMUIFIX-025](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20170803-0611_H4-CUMUIFIX-025.scrypt2,6.3.0.2-WS-WCI-20170803-0611_H4-CUMUIFIX-025.vcrypt2,6.3.0.2-WS-WCI-20170803-0611_H5-CUMUIFIX-025.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Cast Iron", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3252"], "modified": "2019-11-18T13:57:34", "id": "0EDBD09066818302150073FA499E426B9E1E957BDBE65933BB41C32EAC61E483", "href": "https://www.ibm.com/support/pages/node/564131", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:55:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM API Connect. \n \nThese issues were disclosed as part of the IBM Java SDK updates in January 2017 and April 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \n****DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \n****DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3511_](<https://vulners.com/cve/CVE-2017-3511>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM API Connect V5.0.0.0 - V5.0.7.2\n\n## Remediation/Fixes\n\n**Affected Product**\n\n| **Addressed in VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM API Connect \n \nV5.0.0.0 - 5.0.6.2| 5.0.6.3| LI79749| Addressed in IBM API Connect V5.0.6.3. 
\n \nFollow this link and find the \"APIConnect_Management\" and \"apiconnect-collective-controller\" packages: \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.6.2&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.6.2&platform=All&function=all>) \nIBM API Connect \n \nV5.0.7.0 - 5.0.7.2| 5.0.8.0| LI79749| Addressed in IBM API Connect V5.0.8.0. \n \nFollow this link and find the \"APIConnect_Management\" and \"apiconnect-collective-controller\" packages: \n \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.7.0&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.7.0&platform=All&function=all>) \n \n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:07:46", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3511"], "modified": "2018-06-15T07:07:46", "id": "7C65F66E299A696AD50FC2A47F7B7B0567F9E2199029781E8E606BB1970FD47C", "href": "https://www.ibm.com/support/pages/node/564947", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:54:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n * IBM Cognos Metrics Manager 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. 
\n\n \n| Version| Interim Fix \n---|---|--- \nIBM Cognos Metrics Manager| 10.2.2| [IBM Cognos Business Intelligence 10.2.2 Interim Fix 15](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>) \nIBM Cognos Metrics Manager| 10.2.1| [IBM Cognos Business Intelligence 10.2.1 Interim Fix 20](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>) \nIBM Cognos Metrics Manager| 10.2| [IBM Cognos Business Intelligence 10.2 Interim Fix 23](<http://www-01.ibm.com/support/docview.wss?uid=swg24043664>) \nIBM Cognos Metrics Manager| 10.1.1| [IBM Cognos Business Intelligence 10.1.1 Interim Fix 22](<http://www-01.ibm.com/support/docview.wss?uid=swg24043663>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T23:19:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-15T23:19:44", "id": 
"362519897130199933383963D7172C52F37C770CFADE7234B0EDB870089045C8", "href": "https://www.ibm.com/support/pages/node/561687", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:46:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by Tivoli Composite Application Manager for SOA. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and Jan 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)\n\n \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager for SOA 7.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Composite Application Manager for SOA| 7.2.0.1| IV94489| [7.2.0.1-TIV-ITCAMSOA-IF00010](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Tivoli/Tivoli+Composite+Application+Manager+for+SOA&function=fixid&fixids=7.2.0.1-TIV-ITCAMSOA-IF0010>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:37:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2018-06-17T15:37:37", "id": "C4D6B3C9B481ABC83F058E2FA34A363CAF95D271DE6C1A6DB6A489BC94E26241", "href": "https://www.ibm.com/support/pages/node/294349", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:46:53", "description": "## Summary\n\nSecurity vulnerabilities have been identified in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by Watson Explorer and Watson Content Analytics.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities apply to the following products and versions: \n\n * Watson Explorer Foundational Components version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2, version 10.0.0.4 and earlier, version 9.0.0.8 and earlier, and version 8.2-6 and earlier\n * Watson Explorer Annotation Administration Console version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2, version 10.0.0.4 and earlier\n * Watson Explorer Analytical Components version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2, version 10.0.0.4 and earlier\n * Watson Content Analytics version 3.5.0.4 and earlier, version 3.0.0.6 and earlier\n\n## Remediation/Fixes\n\nFollow these steps to upgrade to the required version of IBM Java Runtime. 
\n\nThe table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support Fix Central site at <http://www.ibm.com/support/fixcentral/>.\n\n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \n---|---|---|--- \nIBM Watson Explorer Foundational Components| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2| JVM 8 SR4 FP1 or later| Upgrade to Version 11.0.2.1. \n \nSee [Watson Explorer Version 11.0.2.1 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043786>) for download information and instructions. \nIBM Watson Explorer Foundational Components| 10.0 - 10.0.0.4| JVM 8 SR4 FP1 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 4 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039429>)). If you upgrade to Version 10.0.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from Fix Central: interim fix **10.0.0.4-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR4FP1** or later (for example, 10.0.0.4-WS-WatsonExplorer-EEFoundational-Linux-8SR4FP5).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). \nIBM Watson Explorer| 9.0 - 9.0.0.8| JVM 7.1 SR4 FP1 or later| \n\n 1. 
If you have not already installed, install Version 9.0 Fix Pack 8 (see [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=9.0.0.4&platform=All&function=all#Watson%20Explorer>) to download Version 9.0.0.8 Standard Edition or Enterprise Edition[](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=9.0.0.5-WS-WatsonExplorer-SE-FP001&continue=1>)[](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=9.0.0.5-WS-WatsonExplorer-EE-FP001&continue=1>)). If you upgrade to Version 9.0.0.8 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 7 package for your edition and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=9.0.0.6&platform=All&function=all#Others>): Interim fix **9.0.0.8-WS-WatsonExplorer-<Edition>-<OS>-7.1SR4FP1** or later (for example, 9.0.0.8-WS-WatsonExplorer-EE-Linux-7.1SR4FP1).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). \nIBM InfoSphere Data Explorer| 8.2 - 8.2-6| JVM 7.1 SR4 FP1 or later| \n\n 1. If you have not already installed, install V8.2 Fix Pack 6 (see [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=8.2.2.0&platform=All&function=all#Data%20Explorer>) to download V8.2-6). If you upgrade to Version 8.2-6 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. 
Download the IBM Java Runtime, Version 7 package for your operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=8.2.2.0&platform=All&function=all#Others>): Interim fix **8.2-6-WS-DataExplorer-<OS>-7.1SR4FP1** or later (for example, 8.2-6-WS-DataExplorer-Windows-7.1SR4FP1).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2| JVM 8 SR4 FP1 or later| Upgrade to Version 11.0.2.1. \n \nSee [Watson Explorer Version 11.0.2.1 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043786>) for download information and instructions. \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.4| JVM 7 SR10 FP1 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 4 (see the Fix Pack download document). If you upgrade to Version 10.0.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 7 for IBM Watson Explorer Advanced Edition and your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.4&platform=All&function=all>): interim fix \n**10.0.0.4-WS-WatsonExplorer-AEFoundationalAAC-<OS>[32]-7SR10FP1** or later (for example, 10.0.0.4-WS-WatsonExplorer-AEFoundationalAAC-Linux32-7SR10FP5 and 10.0.0.4-WS-WatsonExplorer-AEFoundationalAAC-Linux-7SR10FP5).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700619>). 
\nIBM Watson Explorer Analytical Components| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2| JVM 7.1 SR4 FP1 or later| Upgrade to Version 11.0.2.1. \n \nSee [Watson Explorer Version 11.0.2.1 Analytical Components](<http://www.ibm.com/support/docview.wss?uid=swg24043787>) for download information and instructions. \nIBM Watson Explorer Analytical Components| 10.0 - 10.0.0.2| JVM 7 SR10 FP1 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)). If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-7SR10FP1** or later. For example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-7SR10FP5 and 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux32-7SR10FP5.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700620>).\n 4. Rename `$ES_INSTALL_ROOT/lib/activation.jar` \nto `activation.jar.orig` if the file exists. \nIBM Watson Content Analytics| 3.5 - 3.5.0.4| JVM 7 SR10 FP1 or later| \n\n 1. If you have not already installed, install V3.5 Fix Pack 4 (see the Fix Pack [download document](<http://www-01.ibm.com/support/docview.wss?uid=swg24042836>)). If you upgrade to Version 3.5.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. 
Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 for IBM Watson Explorer Advanced Edition and your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/IBM+Cognos+Content+Analytics&release=3.5.0.4&platform=All&function=all>): interim fix **3.5.0.4-WT-WCA-<OS>[32|31]-7SR10FP1** or later (for example, 3.5.0.4-WT-WCA-Linux32-7SR10FP5 and 3.5.0.4-WT-WCA-Linux-7SR10FP5).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www-01.ibm.com/support/docview.wss?uid=swg21700621>). \n 4. Rename `$ES_INSTALL_ROOT/lib/activation.jar` \nto `activation.jar.orig` if the file exists. \nIBM Content Analytics with Enterprise Search| 3.0 - 3.0.0.6| JVM 6 SR16 FP40 or later| \n\n 1. If not already installed, install V3.0 Fix Pack 6 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24040579>)). If you upgrade to Version 3.0.0.6 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 6 for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/IBM+Cognos+Content+Analytics&release=3.0.0.6&platform=All&function=all>): interim fix **3.0.0.6-WT-ICA-<OS>[32|31]-6SR16FP40** or later (for example, 3.0.0.6-WT-ICA-Linux32-6SR16FP45 and 3.0.0.6-WT-ICA-Linux-6SR16FP45).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg22003962>).\n 4. Rename `$ES_INSTALL_ROOT/lib/activation.jar` \nto `activation.jar.orig` if the file exists. 
\n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T13:09:04", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect Watson Explorer and Watson Content Analytics (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3252"], "modified": "2018-06-17T13:09:04", "id": "B5976B7FE7A397B9F93B657DB2D7C5465B3737F96F623CDE31887F2CE1AEC89D", "href": "https://www.ibm.com/support/pages/node/561449", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:53:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0, which is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in January 2017. 

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, please refer to the link for "IBM Java SDK Security Bulletin" located in the "References" section for more information.

## Vulnerability Details

**CVEID**: [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION**: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID**: [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION**: An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID**: [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID**: [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID**: [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID**: [CVE-2016-5552](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016->)
**DESCRIPTION**: An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

## Affected Products and Versions

IBM Development Package for Apache Spark, v1.6.3.0, and earlier versions; or
IBM Development Package for Apache Spark, v2.1.0.0, and earlier versions

## Remediation/Fixes

Principal Product and Version(s) | Remediated IBM Java SDK Version
---|---
[IBM Development Package for Apache Spark](<https://www.ibm.com/developerworks/java/jdk/spark/>) 1.6.3.1 | IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 4 Fix Pack 1 and subsequent releases
[IBM Development Package for Apache Spark](<https://www.ibm.com/developerworks/java/jdk/spark/>) 2.1.0.1 and subsequent releases | IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 4 Fix Pack 1 and subsequent releases

## Workarounds and Mitigations

None

**Title:** Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark
**Type:** ibm (bulletin family: software)
**Published:** 2018-06-15T07:07:06
**Modified:** 2018-06-15T07:07:06
**CVE list:** CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552
**CVSS v3.1:** base score 7.5 (HIGH), exploitability score 3.9, impact score 3.6, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**CVSS v2:** base score 5.0 (MEDIUM), exploitability score 10.0, impact score 2.9, vector AV:N/AC:L/Au:N/C:P/I:N/A:N
**ID:** C0F80B7C16C9B80140D483C0FCD6882278F7435E15D4ED92C57FFA7E310185D5
**Source:** <https://www.ibm.com/support/pages/node/293091>

**Last seen:** 2023-02-21T05:55:56

## Summary

There are vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Integration Designer and WebSphere Integration Developer. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)
**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the IBM Java SDK Security Bulletin, located in the References section for more information.

## Affected Products and Versions

This vulnerability affects IBM Integration Designer and WebSphere Integration Developer.

## Remediation/Fixes

To fully mitigate these vulnerabilities, an additional fix (JR57502) is required for the following product versions:

 * [WebSphere Integration Developer V7.0.0.x](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Integration+Developer&fixids=7.0.0.5-WS-IID-IFJR57502>)
 * [IBM Integration Designer V7.5.1.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=7.5.1.2-WS-IID-IFJR57502>)
 * [IBM Integration Designer V8.0.1.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.0.1.3-WS-IID-IFJR57502>)
 * [IBM Integration Designer V8.5.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.0.1-WS-IID-IFJR57502>)
 * [IBM Integration Designer V8.5.5.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.5.0-WS-IID-IFJR57502>)
 * [IBM Integration Designer V8.5.6.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.6.0-WS-IID-IFJR57502>)
 * [IBM Integration Designer V8.5.7.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFJR57502>)

## Workarounds and Mitigations

None

**Title:** Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer and WebSphere Integration Developer
**Type:** ibm (bulletin family: software)
**Published:** 2018-06-15T07:07:26
**Modified:** 2018-06-15T07:07:26
**CVE list:** CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5597
**CVSS v3.1:** base score 7.5 (HIGH), exploitability score 3.9, impact score 3.6, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**CVSS v2:** base score 5.0 (MEDIUM), exploitability score 10.0, impact score 2.9, vector AV:N/AC:L/Au:N/C:P/I:N/A:N
**ID:** 08EAB8F1C98D41F4C5FC629CC4BB5A51568ED9245CEA47A291B46DE27A019E34
**Source:** <https://www.ibm.com/support/pages/node/559507>

**Last seen:** 2023-02-13T09:36:01

## Summary

There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in January 2017.

## Vulnerability Details

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB, 3957-VEC) prior to and including the following are affected:

**Machine Type** | **Model** | **Version**
---|---|---
3957 | V06 | 8.21.0.178
3957 | VEA | 8.21.0.178
3957 | V07 | 8.41.100.15
3957 | VEB | 8.41.100.15
3957 | VEC | 8.41.100.15

## Remediation/Fixes

Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of VTD_EXEC.269. Minimum microcode levels are shown below:

**Machine Type** | **Model** | **Fix**
---|---|---
3957 | V06 | Upgrade to 8.21.0.178 + VTD_EXEC.269
3957 | VEA | Upgrade to 8.21.0.178 + VTD_EXEC.269
3957 | V07 | Upgrade to 8.33.2.9 + VTD_EXEC.269 -OR- Upgrade to 8.40.1.16 + VTD_EXEC.269 -OR- Upgrade to 8.41.100.15 + VTD_EXEC.269 -OR- Upgrade to 8.41.101.10
3957 | VEB | Upgrade to 8.33.2.9 + VTD_EXEC.269 -OR- Upgrade to 8.40.1.16 + VTD_EXEC.269 -OR- Upgrade to 8.41.100.15 + VTD_EXEC.269 -OR- Upgrade to 8.41.101.10
3957 | VEC | Upgrade to 8.40.1.16 + VTD_EXEC.269 -OR- Upgrade to 8.41.100.15 + VTD_EXEC.269 -OR- Upgrade to 8.41.101.10

The minimum VTD_EXEC version is shown below:

**VTD_EXEC Package** | **Version**
---|---
VTD_EXEC.269 | v1.02

## Workarounds and Mitigations

Although IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate, the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.

**Title:** Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - January 2017
**Type:** ibm (bulletin family: software)
**Published:** 2018-06-18T00:33:15
**Modified:** 2018-06-18T00:33:15
**CVE list:** CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552
**CVSS v3.1:** base score 7.5 (HIGH), exploitability score 3.9, impact score 3.6, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**CVSS v2:** base score 5.0 (MEDIUM), exploitability score 10.0, impact score 2.9, vector AV:N/AC:L/Au:N/C:P/I:N/A:N
**ID:** C78EC486D86230DDF1D8602E0B7F2837C1420576BD6B5934CAE208E06F1D5B36
**Source:** <https://www.ibm.com/support/pages/node/697395>

**Last seen:** 2023-02-21T01:53:30

## Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM MQ and the IBM MQ Appliance. These issues were disclosed as part of the Java SDK updates from IBM in Jan 2017.

Please ensure that you read the remediation/fixes section carefully before applying fixes.

## Vulnerability Details

If you run your own Java code using the Java runtime from IBM delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, please refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section for more information.

**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2017-3261_](<https://vulners.com/cve/CVE-2017-3261>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120866_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120866>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

## Affected Products and Versions

**_IBM MQ 9.0.0.x Long Term Support (LTS)_**
Maintenance level 9.0.0.0 only

**_IBM MQ 9.0.x Continuous Delivery Release (CDR)_**
Continuous delivery update 9.0.2 only

**_IBM MQ Appliance 9.0.x_**
Update 9.0.2 only

**_IBM MQ 8.0_**
Maintenance levels 8.0.0.6 and earlier

**_IBM MQ Appliance 8.0_**
Maintenance levels 8.0.0.6 and earlier

**_WebSphere MQ 7.5_**
Maintenance levels 7.5.0.7 and earlier

**_WebSphere MQ 7.1_**
Maintenance levels 7.1.0.8 and earlier

## Remediation/Fixes

**_IBM MQ 9.0.0.0_**
Apply fix pack [9.0.0.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0.0.1&platform=All&function=all&useReleaseAsTarget=true>)

**_IBM MQ 9.0, IBM MQ 9.0.2 & IBM MQ Appliance V9.0x_**
Upgrade to [IBM MQ 9.0.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24043697>)

**_IBM MQ V8.0 & IBM MQ Appliance V8.0_**
Apply fix pack [8.0.0.7](<http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg22005832>)

**_WebSphere MQ 7.5_**
Apply fix pack [7.5.0.8](<http://www-01.ibm.com/support/docview.wss?uid=swg22005413>)

**_WebSphere MQ 7.1_**
Apply iFix [IT20034](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.1&platform=All&function=aparId&apars=IT20034>)

**Title:** Security Bulletin: Multiple vulnerabilities in Java runtime from IBM affect IBM MQ and IBM MQ Appliance
**Type:** ibm (bulletin family: software)
**Published:** 2018-06-15T07:07:11
**Modified:** 2018-06-15T07:07:11
**CVE list:** CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2017-3261
**CVSS v3.1:** base score 7.5 (HIGH), exploitability score 3.9, impact score 3.6, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
**CVSS v2:** base score 5.0 (MEDIUM), exploitability score 10.0, impact score 2.9, vector AV:N/AC:L/Au:N/C:P/I:N/A:N
**ID:** 0C79299B321D2780FBB0CD4805BD992203944E897E67630BAF1DFBCF8B2D1E86
**Source:** <https://www.ibm.com/support/pages/node/294233>

**Last seen:** 2023-02-21T01:53:50

## Summary

Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in January 2017.

These issues are also addressed by WebSphere Application Server Network Deployment shipped with WebSphere Service Registry and Repository.

## Vulnerability Details

**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2016-5552](<https://vulners.com/cve/CVE-2016-5552>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio V8.5 and V8.0 are affected.\n\n## Remediation/Fixes\n\n \nFor all releases of WebSphere Service Registry and Repository Studio, upgrade to WebSphere Service Registry and Repository Studio [V8.5.6.1_IV94336](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Service+Registry+and+Repository&release=8.5.6.1&platform=Windows&function=fixId&fixids=8.5.6.1-WS-WSRR-Studio-MultiOS-IFIV94336&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n \nFor WebSphere Service Registry and Repository the issues are addressed by WebSphere Application Server. \n \n\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository: \n \n[http://www.ibm.com/support/docview.wss?uid=swg21998379](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:07:01", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities identified in IBM\u00ae Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-15T07:07:01", "id": "D42D938207F5AA103E444D93C078C83624DD88D7F8983450772332213314BAF2", "href": "https://www.ibm.com/support/pages/node/294591", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-03T17:48:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition and IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n \nThe IBM\u00ae Runtime Environment Java\u2122 Technology Edition provided for download with Tivoli Storage Productivity Center, which can be installed separately, is vulnerable to all CVEs as noted by the IBM Java SDK security bulletin. Review the following security bulletins and evaluate your own code to determine if you are vulnerable. \n<http://www.ibm.com/support/docview.wss?uid=swg21985393> and \n<http://www.ibm.com/support/docview.wss?uid=swg21997194> \n\n\n## Affected Products and Versions\n\nIBM Spectrum Control 5.2.8 through 5.2.13 \nTivoli Storage Productivity Center 5.2.0 through 5.2.7.1 \nTivoli Storage Productivity Center 5.1.0 through 5.1.1.13 \n \nThe versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM Smart Cloud Virtual Storage Center Storage Analytics Engine. \n\n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate Tivoli Storage Productivity Center (IBM Spectrum Control) fix maintenance for each named product; this should be done as soon as practicable. Starting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control. \n\nIf you have downloaded and installed IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 Service Refresh 16 Fix Pack 25 or earlier from an older version of Tivoli Storage Productivity Center, you should download the updated version after applying the fix pack and reinstall IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 or later. 
\n\nDo not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions. If you upgrade to IBM Spectrum Control 5.2.13 or higher, there is no new version to download and apply as the Java WebStart GUI that previously used it is no longer provided.\n\n**Note:** It is always recommended to have a current backup before applying any update procedure.\n\n \n \n**_IBM Spectrum Control and Tivoli Storage Productivity Center_** \n \n**Release**| **First Fixing VRM Level**| **Link to Fix / Fix Availability Target** \n---|---|--- \n5.2| 5.2.14| <http://www.ibm.com/support/docview.wss?uid=swg21320822> \n5.1| 5.1.1.14| <http://www.ibm.com/support/docview.wss?uid=swg21320822> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-22T19:27:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2022-02-22T19:27:34", "id": "55CEBB9E20A58983B23E3C229BF737495693CC60EFC2B16F3EF9E573880A87C2", "href": "https://www.ibm.com/support/pages/node/291911", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7, which are used by IBM Rational DOORS Web Access. These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\nRational DOORS Web Access is affected by the following vulnerabilities: \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION**: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational DOORS Web Access versions 1.5, 1.5.0.1, 9.5, 9.5.0.1, 9.5.1, 9.5.1.1, 9.5.2, 9.5.2.1, 9.6, 9.6.0.1, 9.6.1, 9.6.1.1, 9.6.1.3, 9.6.1.4, 9.6.1.7\n\n## Remediation/Fixes\n\nFor Rational DOORS Web Access installations, upgrade the JRE as noted in the table below. You can upgrade the JRE after Rational DOORS Web Access is installed. Publicly available versions of the Oracle JRE are not supported with Rational DOORS Web Access. \n \nThe following table presents Rational DOORS Web Access versions and the compatible versions of IBM JRE. 
\n \n\n\n**Rational DOORS Web Access**| **IBM Runtime Environment Java Version** \n---|--- \n1.5.0.x| [9.5-RATIONAL-DOORS-JRE-6SR16FP41](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-6SR16FP41&source=SAR>) \n9.5.0.x| [9.5-RATIONAL-DOORS-JRE-6SR16FP41](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-6SR16FP41&source=SAR>) \n9.5.1.x| [9.5-RATIONAL-DOORS-JRE-6SR16FP41](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-6SR16FP41&source=SAR>) \n9.5.2.x| [9.5-RATIONAL-DOORS-JRE-6SR16FP41](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-6SR16FP41&source=SAR>) \n9.6.0.x| [9.6.0-RATIONAL-DOORS-JRE-7SR10FP1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.0-RATIONAL-DOORS-JRE-7SR10FP1&source=SAR>) \n9.6.1.x| [9.6.1-RATIONAL-DOORS-JRE-7SR10FP1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1-RATIONAL-DOORS-JRE-7SR10FP1&source=SAR>) \n9.6.1.7| [9.6.1.7-RATIONAL-DOORS-JRE-8SR4FP1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1.7-RATIONAL-DOORS-JRE-8SR4FP1&source=SAR>) \n_For versions of Rational DOORS Web Access that are earlier than version 1.5.0.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", 
"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:19:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-17T05:19:53", "id": "6C0F44079202A6A29F40AF9312C9BF35D7AB32AC9A43F7E92F1C25DAD4A35A55", "href": "https://www.ibm.com/support/pages/node/293459", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:11:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. 
\n \n**CVEID:** [_CVE-2017-3241_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Dashboard Framework 7.0.1\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_WebSphere Dashboard Framework (Windows)_| _7.0.1_| _LO91865_| [_Download fix here_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Dashboard+Framework&fixids=LO91865_WDF701&source=SAR>) \n_WebSphere Dashboard Framework (Linux)_| _7.0.1_| _LO91866_| [_Download fix here_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Dashboard+Framework&fixids=LO91866_WDF701&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 March 2017 - Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. 
Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T20:08:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", 
"CVE-2016-5549", "CVE-2017-3241"], "modified": "2018-06-16T20:08:56", "id": "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "href": "https://www.ibm.com/support/pages/node/294747", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and 8 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.\n\n## Vulnerability Details\n\nCVEID: CVE-2016-5597 \nDESCRIPTION: An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \nCVEID: CVE-2016-5546 \nDESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \nCVEID: CVE-2016-5548 \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \nCVEID: CVE-2016-5549 \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \nCVEID: CVE-2016-5547 \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \nCVEID: CVE-2016-2183 \nDESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Business Developer 8.5 - 9.5\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nRational Business Developer| 8.5.x, 9.0.x, 9.1.x, 9.5.x| None| [`Rational-RBD-Java7SR10FP1-ifix-zip`](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Business+Developer&release=9.1.0&platform=All&function=fixId&fixids=Rational-RBD-Java7SR10FP1-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) [`Rational-RBD-Java8SR4FP1-ifix-zip`](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=fixId&fixids=Rational-RBD-Java8SR4FP1-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2018-08-03T04:23:43", "id": "843A643E29100FE80A1F85E4177BC532FD3AAA0F456EED8DC57146873CD867A7", "href": "https://www.ibm.com/support/pages/node/559669", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:38:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7.0.9.50 and 6.0.16.30 used by IBM Sterling Connect:Direct FTP+. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct FTP+ 1.3.0\n\n## Remediation/Fixes\n\n**V.R.M**| **APAR**| **Remediation** \n---|---|--- \n1.3.0| IT20756| Apply 1.3.0 Fix006, available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+Connect%3ADirect+FTP+Plus&release=1.3.0.0&platform=All&function=fixId&fixids=1.3.0*iFix006*&includeSupersedes=0>). 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2020-07-24T22:49:37", "id": "007E4732B5C858D68314FCBC681F238D11A80EC2685E0C320CE28F1D80CB4ECA", "href": "https://www.ibm.com/support/pages/node/561215", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:53:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2017-3253_](<https://vulners.com/cve/CVE-2017-3253>) \n**DESCRIPTION:** An unspecified vulnerability related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120868_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120868>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects IBM Business Process Manager V7.5.x through V8.5.7.0 and WebSphere Lombardi Edition V7.2.0.x.\n\n## Remediation/Fixes\n\nThe eclipse-based IBM Process Designer tool includes an instance of the IBM SDK Java\u2122 Technology Edition. 
In order to provide the fix for this development tool, install APAR JR57474 for your version of IBM Business Process Manager or WebSphere Lombardi Edition: \n\n\n * [_IBM Business Process Manager Advanced_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR57474>)\n * [_IBM Business Process Manager Standard_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR57474>)\n * [_IBM Business Process Manager Express_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR57474>)\n * As WebSphere Lombardi Edition and IBM Business Process Manager V7.5 are out of general support, customers with a support extension contract can contact IBM support to request the fix for download. \n \nIf you are on earlier unsupported releases, IBM strongly recommends that you upgrade. 
\n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:07:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3253"], "modified": "2018-06-15T07:07:13", "id": "804E6AF85F88574192F4F1A28E33A7B2125DAAA8A9A5135B29F2DA3EC81C4695", "href": "https://www.ibm.com/support/pages/node/295027", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:52:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Local 2.0 \n\nIBM Planning Analytics Local 2.0.1\n\nIBM Planning Analytics Local 2.0.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. 
\n[IBM Planning Analytics Local 2.0.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24044081>) \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24044001>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T23:48:07", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Planning Analytics Local", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-15T23:48:07", "id": "BD707B5E697F3383B038E22458B7732420CC5E5B323F5C3F9E3B3B6CBC7309E9", "href": "https://www.ibm.com/support/pages/node/296681", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:54:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. 
\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2 All Editions \n\nIBM Cognos Command Center 10.2.1 All Editions\n\nIBM Cognos Command Center 10.2.2 All Editions\n\nIBM Cognos Command Center 10.2.3 All Editions\n\n## Remediation/Fixes\n\nThe recommended fix is to upgrade to the latest Fix Pack : IBM Cognos Command Center 10.2.4 \n \n[Downloading Cognos Command Center 10.2.4](<http://www-01.ibm.com/support/docview.wss?uid=swg24043243>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T22:49:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java Runtime affect IBM Cognos Command Center", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2016-5597"], "modified": "2018-06-15T22:49:32", "id": "D3BED0E83235D9426D986A11755E3B30E87187B154AD1097AE25C384A5EC66B8", "href": "https://www.ibm.com/support/pages/node/557429", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:40:31", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 that is used by IBM WebSphere MQ Internet Pass-Thru. These issues were disclosed as part of the IBM Java SDK updates in January and April 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3511_](<https://vulners.com/cve/CVE-2017-3511>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM WebSphere MQ Internet Pass-Thru 2.1.0.0 - 2.1.0.2\n\n## Remediation/Fixes\n\nApply [fix pack 2.1.0.3 ](<http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg24006386&loc=en_US&cs=utf-8&lang=en>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-08-30T07:48:35", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere MQ Internet Pass-Thru", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3511"], "modified": "2019-08-30T07:48:35", "id": "36EAF692C244B6A8DC011E8C8A1978CD6EAB40CEB6194282C8F5C8D043B8FA10", "href": 
"https://www.ibm.com/support/pages/node/558225", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:41:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition versions 6, 7, & 8 that are used by Transformation Extender. This issue was disclosed as part of the IBM Java SDK updates in January and April, 2017.\n\n## Vulnerability Details\n\n \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** \nCVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-1289_](<https://vulners.com/cve/CVE-2017-1289>)** \nDESCRIPTION:** IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. 
A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. \nCVSS Base Score: 8.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125150_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125150>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) \n \n**CVEID:** [_CVE-2017-3511_](<https://vulners.com/cve/CVE-2017-3511>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n * WebSphere Transformation Extender Design Studio\n * WebSphere Transformation Extender with Command Server\n * WebSphere Transformation Extender for Integration Servers\n * WebSphere Transformation Extender for Application Programming\n * WebSphere Transformation Extender with Launcher\n**Transformation Extender versions**| **CVEs** \n---|--- \n9.0.0 - 9.0.0.1 \n8.4.1 - 8.4.1.4 \n8.4.0 - 8.4.0.5 \n8.3.0 - 8.3.0.6 \n| **Jan:** \n[_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n[_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n[_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n[_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n[_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n9.0.0 - 9.0.0.1 \n8.4.1 - 8.4.1.4 \n8.4.0 - 8.4.0.5| **April****:** \n[_CVE-2017-3511_](<https://vulners.com/cve/CVE-2017-3511>) \n8.3 - 8.3.0.6| **April****:** \n[_CVE-2017-1289_](<https://vulners.com/cve/CVE-2017-1289>) \n \n## Remediation/Fixes\n\n**V8.3.0 - 
V8.3.0.6:** Download and install the interim fix for APAR PI84098 from IBM Fix Central. \n\n**V8.4.0 - V8.4.0.5:** Download and install the interim fix for APAR PI84098 from IBM Fix Central.\n\n**V8.4.1 - V8.4.1.5:** Download and install Transformation Extender V8.4.1.5 from Fix Central.\n\n**V9.0.0 - V9.0.0.1:** Download and install Transformation Extender V9.0.0.2 from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2018-08-09T03:24:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-1289", "CVE-2017-3511"], "modified": "2018-08-09T03:24:58", "id": "69A71DCA3AF973A137F5D03A63EFCFA24982B8766B86345D1914AF5B3BF502FB", "href": "https://www.ibm.com/support/pages/node/562915", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-21T05:55:52", "description": "## 
Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 and 8 that are used by IBM Operational Decision Manager (ODM). These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3241_](<https://vulners.com/cve/CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n * IBM WebSphere Operational Decision Management v7.5 \n * IBM Operational Decision Manager v8.0\n * IBM Operational Decision Manager v8.5\n * IBM Operational Decision Manager v8.6\n * IBM Operational Decision Manager v8.7\n * IBM Operational Decision Manager v8.8\n * IBM Operational Decision Manager v8.9\n\n## Remediation/Fixes\n\nIBM recommends upgrading to a fixed, supported version/release/platform of the product: \n\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 45 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 5 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 Fix Pack 20 and subsequent releases\n * Select the following interim fix to upgrade your JDK based on your 
version of the product and operating system: \n \nIBM WebSphere Operational Decision Management v7.5: \nInterim fix 51 for APAR RS02734 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**7.5.0.4-WS-ODM_JDK-<OS>-****IF052** \n \nIBM Operational Decision Manager v8.0: \nInterim fix 72 for APAR RS02734 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.0.0.0-WS-ODM_JDK-<OS>-****IF072**\n\nIBM Operational Decision Manager v8.5:\n\n \nIBM Operational Decision Manager v8.6: \nIBM Operational Decision Manager v8.7: \nIBM Operational Decision Manager v8.8: \nInterim fix 70 for APAR RS02734 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.5.0.0-WS-ODM_JDK-<OS>-****IF070** \n \nIBM Operational Decision Manager v8.9: \nInterim fix 2 for APAR RS02734 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.9.0.0-WS-ODM_JDK-<OS>-****IF002** \n \n \nIBM Operational Decision Manager v8.8 Decision Server Insight: \nInterim fix 54 for APAR RS02734 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.8.0.0-WS-ODM_JDK_DSI-<OS>-****IF054 ** \n \n \n \n**Important note: **IBM strongly suggests that all System z customers subscribe to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the [_System z Security web site_](<http://www-03.ibm.com/systems/z/advantages/security/integrity_sub.html>). 
Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:07:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Operational Decision Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3241", "CVE-2017-3252"], "modified": "2018-06-15T07:07:36", "id": "BD83C6655DF589A9ABA3C23084AB0F01D10A09569D91FC02ED40475F9AA42DBC", "href": "https://www.ibm.com/support/pages/node/562021", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 Service Refresh 3 Fix Pack 22 (8.0.3-22) used by IBM Streams. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2017-3253_](<https://vulners.com/cve/CVE-2017-3253>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120868_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120868>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe following versions may be impacted: \n\n * IBM Streams Version 4.2.0.3 and earlier\n * IBM InfoSphere Streams Version 4.1.1.2 and earlier\n * IBM InfoSphere Streams Version 4.0.1.3 and earlier\n * IBM InfoSphere Streams Version 3.2.1.6 and earlier\n * IBM InfoSphere Streams Version 3.1.0.8 and earlier \n * IBM InfoSphere Streams Version 3.0.0.6 and earlier \n\n## Remediation/Fixes\n\nTo remediate/fix this issue, follow the instructions below: \n\n\n * **Version 4.2: **Apply IBM Streams Mod Release 4.2.1 Fix Pack 1 (4.2.1.1) from [Passport Advantage](<http://www.ibm.com/software/passportadvantage/>).\n * **Version 4.1.1**: Apply [4.1.1 Fix Pack 3 (4.1.1.3) or 
higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>)\n * **Version 4.0.1: **Apply [4.0.1 Fix Pack 4 (4.0.1.4) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>)\n * **Versions 3.2.1, 3.1.0, and 3.0.0: **For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin. \nNOTE: Fix Packs are available on IBM Fix Central. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:58", "type": "ibm", "title": "Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3253"], "modified": "2018-06-16T13:47:58", "id": "E48F8ABCD477E820754A4984E9A42E9861FF62036721D12B2341BBB5CB6A55BA", "href": "https://www.ibm.com/support/pages/node/559867", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:13:31", "description": "## Summary\n\nThe IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM Java SDK updates in January 2017. \nThe IBM Emptoris Strategic Supply Management Suite of products include IBM Emptoris Contract Management, IBM Emptoris Sourcing, IBM Emptoris Spend Analysis, IBM Emptoris Program Management, IBM Emptoris Strategic Supply Management and IBM Emptoris Supplier Lifecycle Management.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3241_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241>)** \nDESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. 
\nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-5546_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-5552_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2016-2183_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Emptoris Contract Management 9.5 through 10.1.x \nIBM Emptoris Program Management 10.0.0 through 10.1.x \nIBM Emptoris Sourcing 10.0.0 through 10.1.x \nIBM Emptoris Spend Analysis 10.0.0 through 10.1.x \nIBM Emptoris Supplier Lifecycle Management 9.5 through 10.1.x \nIBM Emptoris Strategic Supply Management 10.0.0 through 10.1.x \nIBM Emptoris Services Procurement 10.x\n\n## Remediation/Fixes\n\nAn interim fix has been issued for the IBM WebSphere Application Server (WAS) which will upgrade the IBM Java Development Kit to a version which is not susceptible to this vulnerability. Customers running any of the IBM Emptoris products listed above should apply the interim fix to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. Please refer to [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) for details. \n \nSelect the appropriate WebSphere Application Server fix based on the version being used for the IBM Emptoris product version. The following table lists the IBM Emptoris application versions along with the corresponding required version of IBM WebSphere Application Server and a link to the corresponding fix version where further installation instructions are provided. 
\n\n**Emptoris Product Version** | **WAS Version** | **Java Version** | **Remediation** \n---|---|---|--- \n9.5.x.x | 8.0.0.x | Java 6 | Apply Interim Fix [_PI76781_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043324>) \n10.0.0.x, 10.0.1.x | 8.5.0.x | Java 6 | Apply Interim Fix [_PI76779_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043321>) \n10.0.2.x, 10.0.4 | 8.5.5.x | Java 6 | \n10.1.x | 8.5.5.x | Java 7 | Apply Interim Fix [_PI76507_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043320>) \n \n**Note**: Please refer to [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) for details. \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T20:09:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3241"], "modified": "2018-06-16T20:09:49", "id": "55F8F21346EDEA63D23DEC5EBB44C524EAAD84D3EF679B21A46A79265F3AEF5D", "href": "https://www.ibm.com/support/pages/node/560821", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-06T22:05:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2017-3253_](<https://vulners.com/cve/CVE-2017-3253>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120868_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120868>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 4.0 - 6.0.3 \n \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.3 \n \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.3 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.3 \n \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.3 \n \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.3 \n \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.3\n\n## Remediation/Fixes\n\n \n**IMPORTANT CONSIDERATIONS:** \n\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. 
For the below remediations, if your deployment uses WAS, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21998379>) to get the WAS remediation. \n 3. If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure the server as follows to complete the upgrade process:\n3.1. **Stop the server**: Navigate to the Server directory in your Rational product installation path and run this script: _server.shutdown_ \n \n3.2. Navigate to the server directory in your Rational product installation path, open the **_server.startup_** script using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \nSearch for the parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in the server.startup script to find the line containing the health center parameter. \n \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in server.startup; in this case the update is not needed and you can start using your server. 
\n \n**Windows:** \nModify the line (where the HEALTHCENTER_OPTS parameter is located) by adding a new healthcenter option: _-Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub_ \n \n**_Before modification:_** \nset HEALTHCENTER_OPTS=-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972 \n**_After modification:_** \nset HEALTHCENTER_OPTS=-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972 -Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub \n \n**Linux:** \nModify the line (where the HEALTHCENTER_OPTS parameter is located) by adding a new healthcenter option: _-Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub_ \n \n**_Before modification:_** \nexport HEALTHCENTER_OPTS=\"-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972\" \n**_After modification:_** \nexport HEALTHCENTER_OPTS=\"-agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972 -Dsun.rmi.registry.registryFilter=javax.rmi.CORBA.Stub\" \n3.3. **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup_. \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Upgrade your products to a supported version: **4.0.7**, **5.0.2**, **6.0.2, or 6.0.3** \n2\\. Apply the latest ifix for your installed version. \n3\\. Obtain the January 2017 CPU update for the IBM\u00ae Java SDK. 
\n\n\nBased on the version installed, obtain the latest ifixes (recommended) and the Java version indicated below from: \nFor the 6.0.3 releases: **JRE 7.1.4.1** (**_<product>-JavaSE-JRE-7.1SR4FP1_**) \n * [_Rational Collaborative Lifecycle Management 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * [_Rational Team Concert 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.3&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.3&platform=All&function=all>)\n * [_Rational DOORS Next Generation 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.3&platform=All&function=all>)\n * Rational Software Architect Design Manager: Upgrade to version 6.0.3 and install server and JRE from [_CLM 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * Rational Rhapsody Design Manager: Upgrade to version 6.0.3 and install server and JRE from [_CLM 6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager: Upgrade to version 6.0.3 and install server and JRE from [_CLM 
6.0.3_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.3&platform=All&function=all>)\n \nFor the 6.0.2 releases: **JRE 7.1.4.1** (**_<product>-JavaSE-JRE-7.1SR4FP1_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * [_Rational Team Concert 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=6.0.2&platform=All&function=all>)\n * [_Rational Quality Manager 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=6.0.2&platform=All&function=all>)\n * [_Rational DOORS Next Generation 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.2&platform=All&function=all>)\n * Rational Software Architect Design Manager: Upgrade to version 6.0.2 and install server and JRE from [_CLM 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Rhapsody Design Manager: Upgrade to version 6.0.2 and install server and JRE from [_CLM 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager: Upgrade to version 6.0.2 and install server and JRE from [_CLM 
6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n \nFor the 5.x releases: **JRE 6.0.16.41** (**_<product>-JavaSE-JRE-6.0SR16FP41_**) \n * [_Rational Collaborative Lifecycle Management 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * [_Rational Team Concert 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=5.0.2&platform=All&function=all>)\n * [_Rational Quality Manager 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Quality+Manager&release=5.0.2&platform=All&function=all>)\n * [_Rational DOORS Next Generation 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=5.0.2&platform=All&function=all>)\n * Rational Software Architect Design Manager: Upgrade to version 5.0.2 and install server and JRE from [_CLM 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * Rational Rhapsody Design Manager: Upgrade to version 5.0.2 and install server and JRE from [_CLM 5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager: Upgrade to version 5.0.2 and install server and JRE from [_CLM 
5.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=5.0.2&platform=All&function=all>)\n \nFor the 4.x releases: **JRE 6.0.16.41** (**_<product>-JavaSE-JRE-6.0SR16FP41_**) \n * [_Rational Collaborative Lifecycle Management 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * [_Rational Team Concert 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Team+Concert&release=4.0.7&platform=All&function=all>)\n * [_Rational Quality Manager 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FRational&product=ibm/Rational/Rational+Quality+Manager&release=4.0.7&platform=All&function=all>)\n * [_Rational DOORS Next Generation/Requirements Composer 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=4.0.7&platform=All&function=all>)\n * Rational Software Architect Design Manager: Upgrade to version 4.0.7 and install server and JRE from [_CLM 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * Rational Rhapsody Design Manager: Upgrade to version 4.0.7 and install server and JRE from [_CLM 4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n * Rational Engineering Lifecycle Manager: Upgrade to version 4.0.7 and install server and JRE from [_CLM 
4.0.7_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=4.0.7&platform=All&function=all>)\n \n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3253"], "modified": "2021-04-28T18:35:50", "id": "DF03CD856A57D7360B711A6E6395B099DEE028A64AE6341A99493DBAF1274A4B", "href": "https://www.ibm.com/support/pages/node/293499", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2023-02-21T05:48:29", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2017-3253](<https://vulners.com/cve/CVE-2017-3253>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120868> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-5552](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2 | Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3 | Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. 
\n\n## Remediation/Fixes\n\nConsult the security bulletin [Security Bulletin: Vulnerability in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology](<http://www-01.ibm.com/support/docview.wss?uid=swg21999820>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:21:08", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3253"], "modified": "2018-06-17T05:21:08", "id": "B1C96325B356B6322CE436FE75F350F9005DF2C5631508657564896656251B8B", "href": "https://www.ibm.com/support/pages/node/560433", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:44:42", "description": "## Summary\n\nThe following security issues have been identified in WebSphere Application Server 
included as part of IBM Tivoli Monitoring (ITM) portal server. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-1121](<https://vulners.com/cve/CVE-2017-1121>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121173> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [CVE-2016-8919](<https://vulners.com/cve/CVE-2016-8919>)** \nDESCRIPTION:** IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118529> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVEID: [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \nCVEID: [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \nCVEID: [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \nCVEID: [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \nCVEID: [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \nDESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Monitoring versions 6.3.0 through 6.3.0 FP7 - Tivoli Enterprise Portal Server (TEPS) all CVEs above. \n \nIBM Tivoli Monitoring versions 6.2.3 through 6.2.3 FP5 - Tivoli Enterprise Portal Server (TEPS) all CVEs above.\n\n## Remediation/Fixes\n\n**Portal Server-embedded WebSphere Application Server** \n \n\n\n**_Fix_**| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_EWAS_ALL_8.00.12.04| 6.3.0.x| <http://www.ibm.com/support/docview.wss?uid=swg24043781> \nTechnote| 6.2.3.x| <http://www.ibm.com/support/docview.wss?uid=swg21633722> \nContains information about installing the embedded WebSphere Application Server (eWAS) patches for IBM Tivoli Monitoring 6.23. The link gives instructions to install eWAS 7.0 Fix Pack 43 (7.0.0.43). 
\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:41:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T15:41:00", "id": "88C8CF9B1989865EFD1C55095D4AB790C6DC1A4D65C5E126172ABE0EBC926E98", "href": "https://www.ibm.com/support/pages/node/561953", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:49:53", "description": "## Summary\n\nSecurity Bulletin: There are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 used by IBM Security Guardium Database Activity Monitor. 
These issues were disclosed as part of the IBM Java SDK updates in Jan 2017\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n--- \n \nThis is a Bundling Bulletin. 
\n\n## Affected Products and Versions\n\nIBM Security Guardium Database Activity Monitor V9.0, 9.1, 9.5 \n\nIBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium Database Activity Monitor| 9x| [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6023_SecurityUpdate&includeSupersedes=0&source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6023_SecurityUpdate&includeSupersedes=0&source=fc>) \nIBM Security Guardium Database Activity Monitor| 10x| [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6023_SecurityUpdate&includeSupersedes=0&source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6023_SecurityUpdate&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:50:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Database Activity Monitor", "bulletinFamily": "software", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5549"], "modified": "2018-06-16T21:50:47", "id": "2F59DE893FA8285491D437E4B059A11D5F337C0B22E23F84FF0196B4436172CD", "href": "https://www.ibm.com/support/pages/node/293119", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T01:53:36", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 Service Refresh 9 Fix Pack 60 and earlier releases, IBM\u00ae Runtime Environment Java\u2122 Version 7R1 Service Refresh 3 Fix Pack 60 and earlier releases, and IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 3 Fix Pack 22 and earlier releases that are used by IBM MQ Light. These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher that is used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe vulnerabilities affect users of IBM MQ Light 1.0 - 1.0.6 on all platforms\n\n## Remediation/Fixes\n\nThis issue has been addressed by IBM MQ Light 1.0.7 \n \nDownload and install the latest MQ Light Server appropriate for your platform: [_https://developer.ibm.com/messaging/mq-light/_](<https://developer.ibm.com/messaging/mq-light/>). 
\n \nThe following link describes how to re-use the data from your existing installation: \n[_http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _](<http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm>). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:07:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547"], "modified": "2018-06-15T07:07:05", "id": "F6BE00294C862D5F5FF2B5DBAC48A97801994D58BD8E7B4DEE3ED210A9A3676A", "href": "https://www.ibm.com/support/pages/node/292637", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:47:51", "description": "## Summary\n\nSecurity Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK Java\u2122 Technology Edition Version 6, 7, 8 and IBM\u00ae Runtime Environment Java\u2122 Version 6, 7, 8 in IBM FileNet Content Manager, and IBM 
Content Foundation. \nJava SE issues disclosed in the Oracle January 2017 Critical Patch Update. \n\n\n## Vulnerability Details\n\nAdvisory CVEs: \nCVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183 \n \nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2017 Critical Patch Update. For more information please refer to [_Oracle's January 2017 CPU Advisory_](<http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA>) and the X-Force database entries referenced below. \n\n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.0.0, 5.2.1 \nIBM Content Foundation 5.2.1\n\n## Remediation/Fixes\n\nTo address this vulnerability install one of the fixes listed below to upgrade the IBM Java JRE. \nThe fixes supply the proper Java JRE for the various release levels of the affected products. Depending upon the product and release level, these fixes will upgrade the Java JRE (January 2017) to one of the following: \n\n * IBM JRE, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 41\n * IBM JRE, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 \n * IBM JRE, Java Technology Edition, Version 8 Service Refresh 4 Fix Pack 1 \n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager| 5.0.0 \n5.2.1| [PJ44626](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44626>) \n[PJ44628](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44628>)| [](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.6&platform=All&function=all>)[5.0.0.10-P8PE-FP010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Process+Engine&release=5.0.0.10&platform=All&function=all>) \\- 8/11/2017 
\n5.2.1.7-P8CPE-FP007 - 6/26/2017 \nIBM Content Foundation| 5.2.1| [PJ44628](<http://www.ibm.com/support/docview.wss?uid=swg1PJ44628>)| [5.2.1.7-P8CPE-FP007](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.6&platform=All&function=all>) \\- 6/26/2017 \n \nIn the above table, the APAR links will provide more information about the fix. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T12:17:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK Java\u2122 Technology Edition Version 6, 7, 8 and IBM\u00ae Runtime Environment Java\u2122 Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552"], "modified": "2018-06-17T12:17:45", "id": "809E4CF694B5B95B122BBA4091FD01DB408F612E91FB12D54920A9623768E6BA", "href": 
"https://www.ibm.com/support/pages/node/291561", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:37:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and earlier releases that is used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and Jan 2017. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the IBM Java SDK Security Bulletin, located in the References section for more information. \n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Rational Synergy 7.2.1 \u2013 7.2.1.5.x \nIBM Rational Synergy 7.2.0 \u2013 7.2.0.7.x\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Rational Synergy_| _7.2.0.x and 7.2.1.x_| _N/A_| Replace the JRE used in Rational Synergy. \n \n**Steps to download and replace JRE in Rational Synergy:** \n1\\. Open the list of [_Synergy downloads on Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Synergy&release=All&platform=All&function=all&source=fc>) \n2\\. Select the SDK and Readme for Rational Synergy that applies to your release as follows: \n \n**Note:** The fix will use the following naming convention: \n**_<V.R.M.F>_**_-Rational-RATISYNE-JavaSE-SDK-6.0.16.41-_**_<platform>_** \n \nWhere **<V.R.M.F>** = release & **<platform>** = operating system \n \no Rational Synergy 7.2.1 (uses 7.2.1.5 release designation) \nExample: **7.2.1.5-Rational-RATISYNE-JavaSE-SDK-6.0.16.41-Linux** \n \no Rational Synergy 7.2.0 (uses 7.2.0.7 release designation) \nExample: **7.2.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.41-Windows** \n \n3\\. Follow the steps in the [_Install instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27042896>) to replace the JRE. 
\n\nFollow the steps in the [_HPUX_Install Instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27045456>) to replace the JRE if your Synergy Platform is on HPUX. \n \n_For Rational Synergy 7.1.0.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product._ \n \n**To verify that Synergy has a JRE version that addresses these security vulnerabilities**:- \nOpen a command prompt \n**Unix**:- \nGo to $CCM_HOME/jre/bin folder \nExecute ./java -version \n \n**Windows**:- \nGo to %CCM_HOME%\\jre\\bin folder \nExecute java -version \n \nIf the output version is SR16 FP40 or later, the run area has a JRE version that addresses these security vulnerabilities. \n \n**Example**:- \njava version \"1.6.0\" \nJava(TM) SE Runtime Environment (build pxi3260sr16fp20-20160111_01(SR16 FP20)) \n\nIBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux x86-32 jvmxi3260sr16fp20-20151221_282799 (JIT enabled, AOT enabled)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-22T16:37:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2020-12-22T16:37:26", "id": "818D64FAB138724C60F014197EF2ABD600F61BDB47F446BB8AEED6AE2402076B", "href": "https://www.ibm.com/support/pages/node/294383", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:47", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** ** \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Secure Proxy 3.4.3 through 3.4.3.0 iFix 3 \nIBM Sterling Secure Proxy 3.4.2 through 3.4.2.0 iFix 10\n\n## Remediation/Fixes\n\n_Note: The new JRE disables the TripleDES and DES (3DES_EDE_CBC and DESede) cipher suites in the java.security file. If you still use 3DES cipher suites, see the Fixlist associated with the iFix for a possible remediation route._\n\n**_Product_**| **_VRMF_**| **_iFix_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Sterling Secure Proxy| 3.4.3.0| _iFix 4_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \nIBM Sterling Secure Proxy| 3.4.2.0| _iFix 11_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy", "bulletinFamily": 
"software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2016-5597"], "modified": "2019-12-17T22:56:50", "id": "996F645DC3B49CC7398E4C90C384D03751E395B6523F4594A6FC7F1B1941A5FA", "href": "https://www.ibm.com/support/pages/node/558623", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:55:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. IBM PureApplication System has addressed the applicable CVEs. \nThese issues were also addressed by IBM WebSphere Application Server shipped with IBM PureApplication System.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-3241_](<https://vulners.com/cve/CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. 
\nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n \nIBM PureApplication System V2.2 \nIBM PureApplication System V2.1 \n\n\n## Remediation/Fixes\n\n \nThe PureSystems Manager on IBM PureApplication System is affected. The solution is to upgrade the IBM PureApplication System to the following fix level: \n \nIBM PureApplication System V2.2: Upgrade to IBM PureApplication System V2.2.3 \n \nIBM PureApplication System V2.1: IBM recommends upgrading to a fixed version of the product. 
\n \nNote: Bluemix Local System is the evolution of the IBM PureApplication\u00ae System Intel\u2122 based offerings.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:07:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae SDK, Java affect IBM PureApplication System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3241", "CVE-2017-3252"], "modified": "2018-06-15T07:07:36", "id": "8B3B3FAE59032F92E437151A14796606A059539484E610CA8A4384D38D64734F", "href": "https://www.ibm.com/support/pages/node/561643", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 used by IBM Sterling External Authentication Server. 
These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** ** \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling External Authentication Server 2.4.3 through 3.4.3.0 iFix 3 \nIBM Sterling External Authentication Server 2.4.2 through 3.4.2.0 iFix 6\n\n## Remediation/Fixes\n\n_Note: The new JRE disables the TripleDES and DES (3DES_EDE_CBC and DESede) cipher suites in the java.security file. If you still use 3DES cipher suites, see the Fixlist associated with the iFix for a possible remediation route._\n\n**_Product_**| **_VRMF_**| **_iFix_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Sterling External Authentication Server| 2.4.3.0| _iFix 4_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \nIBM Sterling External Authentication Server| 2.4.2.0| _iFix 7_| [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security 
Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2016-5597"], "modified": "2019-12-17T22:56:50", "id": "39C9A1E43EB70658FE71D01538582B5D0389F6360A624E0B8B800D6692A15BC0", "href": "https://www.ibm.com/support/pages/node/558621", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:51:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3259_](<https://vulners.com/cve/CVE-2017-3259>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. 
By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nFrom the IBM Systems Director command line, enter smcli lsver to determine the level of IBM Systems Director installed. \n \nIBM Systems Director: \n\n\n * 6.1.0.0\n * 6.1.0.1\n * 6.1.0.2\n * 6.1.0.3\n * 6.1.1.1\n * 6.1.1.2\n * 6.1.1.3\n * 6.1.2.0\n * 6.1.2.1\n * 6.1.2.2\n * 6.1.2.3\n * 6.2.0.0\n * 6.2.0.1\n * 6.2.0.2\n * 6.2.1.0\n * 6.2.1.0\n * 6.2.1.1\n * 6.2.1.2\n * 6.3.0.0 \n * 6.3.1.0 \n * 6.3.1.1 \n * 6.3.2.0 \n * 6.3.2.1 \n * 6.3.2.2 \n * 6.3.3.0 \n * 6.3.3.1 \n * 6.3.5.0 \n * 6.3.6.0\n * 6.3.7.0\n\n## Remediation/Fixes\n\nIBM Systems Director versions earlier than 6.3.5 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product. 
\n\n\nFollow the instructions mentioned in Technote [817463478](<http://www-01.ibm.com/support/docview.wss?uid=nas73e09c5d0762c6b1d8625812b007c8cc0>) to apply the fix for releases:\n\n * 6.3.5.0\n * 6.3.6.0\n * 6.3.7.0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-25T05:54:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597", "CVE-2017-3252", "CVE-2017-3259"], "modified": "2018-06-25T05:54:54", "id": "585BA495D30E535ED19078BE61EDB01B9542B69A4B1F97ED9F6E9F47727AE66A", "href": "https://www.ibm.com/support/pages/node/631127", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:44:51", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java Runtime, Version 6.0, 7.0 and 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. 
These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\nCVEID: [CVE-2017-3241](<https://vulners.com/cve/CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120867> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \nCVEID: [CVE-2017-3253](<https://vulners.com/cve/CVE-2017-3253>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the 2D component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120868> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \nCVEID: [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \nCVEID: [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \nCVEID: [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2016-5552](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \nCVEID: [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions: Versions 7.3.x.x to 7.4.x.x are affected\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Composite Application Manager for Transactions | _7.4_, _7.3_ | _IV94901_ | [http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003266](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003266>) \n \nFor older versions of IBM Tivoli Composite Application Manager for Transactions (e.g., 7.1 and 7.2), IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-17T15:38:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Composite Application Manager for Transactions(CVE-2017-3241,\u00a0CVE-2017-3253,\u00a0CVE-2016-5546,\u00a0CVE-2016-5548,\u00a0CVE-2016-5549,\u00a0CVE-2016-5547,\u00a0CVE-2016-5552,\u00a0CVE-2016-2183)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3241", "CVE-2017-3253"], "modified": "2018-06-17T15:38:56", "id": "A289C76BB432E45208A7499D79C262FF7A8ECBE30D5964EEE23BDDA18D5CCA4E", "href": "https://www.ibm.com/support/pages/node/558647", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:38", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, Version 7 and Version 8 used by Rational Directory Server (Tivoli) and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Install the recommended iFixes to upgrade the JRE in order to resolve these issues.\n\n## Vulnerability Details\n\nRational Directory Server & Rational Directory Administrator are affected by the following vulnerabilities: \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2017-3231_](<https://vulners.com/cve/CVE-2017-3231>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120865> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2017-3259_](<https://vulners.com/cve/CVE-2017-3259>)\n\n \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120859> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Directory Server (Tivoli) v5.2.1 iFix 11 and earlier. \n\nRational Directory Administrator v6.0.0.2 iFix 05 and earlier.\n\n## Remediation/Fixes\n\n1\\. Install one of the following IBM JREs supported versions that contain the fixes for these vulnerabilities: \n\n * [IBM Java Runtime Environment, Version 7 Service Refresh 10 Fix Pack 1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-7SR10FP1&source=SAR>)\n * [IBM Java Runtime Environment, Version 7 R1 Service Refresh 4 Fix Pack 1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-71SR4FP1&source=SAR>)\n * [IBM Java Runtime Environment, Version 8 Service Refresh 4 Fix Pack 1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-8SR4FP1&source=SAR>)\n \n2\\. 
After installing a fixed IBM JRE version, install Rational Directory Server v5.2.1 iFix12 and Rational Directory Administrator v6.0.0.2 iFix06 from: \n\n * [Rational Directory Server (Tivoli) Interim Fix 12 for 5.2.1](<https://www.ibm.com/support/docview.wss?uid=swg24043554>)\n * [Rational Directory Administrator Interim Fix 06 for 6.0.0.2](<https://www.ibm.com/support/docview.wss?uid=swg24043555>)\nThese steps will update the path of recommended/fixed IBM JRE in RDS/RDA. \n \n_For versions of Rational Directory Server that are earlier than version 5.2.1, and Rational Directory Administrator versions earlier than 6.0.0.2, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T05:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", 
"CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3231", "CVE-2017-3259"], "modified": "2018-06-17T05:20:01", "id": "48F6840AC0A3A2A5DC3EB8D7F47480AADAE22C3CEDA66C7B389CD292BC042BFC", "href": "https://www.ibm.com/support/pages/node/293793", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:55:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. These issues were disclosed as part of the IBM Java SDK updates in January 2017.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-3241_](<https://vulners.com/cve/CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n \nIBM OS Image for Red Hat Linux Systems 3.0.0.0 and earlier. \nIBM OS Image for AIX Systems 2.1.1.0 and earlier. \n \n\n\n## Remediation/Fixes\n\n \nVirtual machines deployed from IBM PureApplication Systems are affected. This includes RedHat Linux, AIX-based, and Windows-based deployments. The solution is to apply the following IBM PureApplication System fix to the deployed virtual machines. \n \nJava Update for Linux \n[_https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Linux_May_2017-sys&includeRequisites=1&includeSupersedes=0_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Linux_May_2017-sys&includeRequisites=1&includeSupersedes=0>) \n \nJava Update for Windows \n[_https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Windows_May_2017-sys&includeRequisites=1&includeSupersedes=0_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Windows_May_2017-sys&includeRequisites=1&includeSupersedes=0>) \n \nJava Update for AIX 
\n[_https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_AIX_May_2017-sys&includeRequisites=1&includeSupersedes=0_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_AIX_May_2017-sys&includeRequisites=1&includeSupersedes=0>) \n \n \n1\\. Import the fix into the Emergency Fix catalogue. \n2\\. For deployed instances, apply this emergency fix on the VM. \n3\\. Restart the deployed instance after the fix is applied. \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-15T07:07:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae SDK, Java affect IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", 
"CVE-2016-5552", "CVE-2017-3241", "CVE-2017-3252"], "modified": "2018-06-15T07:07:36", "id": "AE3685746163DCE703CA4C9996CB5B2E2985B9C1901E4598309A395E908BDDB9", "href": "https://www.ibm.com/support/pages/node/561641", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:35", "description": "## Summary\n\nMultiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct Browser User Interface (October 2016 CPU and January 2017 CPU) \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N) \n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)\n\n \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3259_](<https://vulners.com/cve/CVE-2017-3259>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct Browser User Interface 1.5.0 through 1.5.0.2 iFix 18 \nIBM Sterling Connect:Direct Browser User Interface 1.4.0 through 1.4.11.0 iFix 5\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **iFix** | **Remediation/First Fix** \n---|---|---|--- \nIBM Sterling Connect:Direct Browser User Interface | 1.5.0.2 | iFix 19 | [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Connect%3ADirect+Browser+User+Interface&release=1.5.0.2&platform=All&function=all>) \nIBM Sterling Connect:Direct Browser User Interface | 1.4.0 to 1.4.11.0 | iFix 6 | [_Contact IBM Support_](<https://www.ibm.com/support/servicerequest/Home.action>) and request the fix package be published for you on the ECuRep server. 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct Browser User Interface", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3259"], "modified": "2020-07-24T22:49:37", "id": "FF8A5C202A165C6A86DAF62B5BC19ADD9FB787B84C46A73C2E35849265921673", "href": "https://www.ibm.com/support/pages/node/559097", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 4 Fix Pack 2 used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. 
These issues were also addressed by IBM Websphere Application Server shipped with IBM Tealeaf Customer Experience.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2017-3511](<https://vulners.com/cve/CVE-2017-3511>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2016-5546](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-5552](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Tealeaf Customer Experience 9.0.2\n\n## Remediation/Fixes\n\nIBM Tealeaf Customer Experience\n\n| \n\n9.0.2A \n\n| `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.5321_9.0.2A_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.5321_9.0.2A_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)` \n---|---|--- \n \nIBM Tealeaf Customer Experience \n\n| \n\n9.0.2 \n\n| `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.1351_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.1351_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)` \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T20:10:57", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime Affect IBM Tealeaf Customer Experience", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3511"], "modified": "2018-06-16T20:10:57", "id": "338AB08D090BA2BDA32CC469B5B114EB53839D2991DDD8A50E966F33D52E1318", "href": "https://www.ibm.com/support/pages/node/565359", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:44:39", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 and 8 used by Tivoli Netcool Performance Manager . These issues were disclosed as part of the IBM Java SDK updates for October 2016 and January 2017. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N) ** \n \nCVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n## Affected Products and Versions\n\nTivoli Netcool Performance Manager 1.3.2 \nTivoli Netcool Performance Manager 1.4.0 - 1.4.2 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**Tivoli Netcool Performance Manager 1.4.2**| _None_| _None_| [_http://www.ibm.com/support/docview.wss?uid=swg24043610_](<http://www.ibm.com/support/docview.wss?uid=swg24043610>) \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21993440_](<http://www-01.ibm.com/support/docview.wss?uid=swg21993440>)_ \n_[_http://www-01.ibm.com/support/docview.wss?uid=swg21998379_](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) \n**Tivoli Netcool Performance Manager 1.4.1**| _None_| _None_| [_http://www.ibm.com/support/docview.wss?uid=swg24043714_](<http://www.ibm.com/support/docview.wss?uid=swg24043714>)_ _ \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21993440_](<http://www-01.ibm.com/support/docview.wss?uid=swg21993440>)_ \n_[_http://www-01.ibm.com/support/docview.wss?uid=swg21998379_](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) \n**Tivoli Netcool Performance Manager 1.4.0**| _None_| _None_| [_http://www.ibm.com/support/docview.wss?uid=swg24043714_](<http://www.ibm.com/support/docview.wss?uid=swg24043714>)_ _ \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21993440_](<http://www-01.ibm.com/support/docview.wss?uid=swg21993440>)_ \n_[_http://www-01.ibm.com/support/docview.wss?uid=swg21998379_](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) \n**Tivoli Netcool Performance Manager 1.3.2**| _None_| _None_| 
[_http://www.ibm.com/support/docview.wss?uid=swg24043803_](<http://www.ibm.com/support/docview.wss?uid=swg24043803>) \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21993440_](<http://www-01.ibm.com/support/docview.wss?uid=swg21993440>)_ \n_[_http://www-01.ibm.com/support/docview.wss?uid=swg21998379_](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:42:35", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server and Tivoli Netcool Performance Manager October 2016 and January 2017 CPU (multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597"], "modified": "2018-06-17T15:42:35", "id": "BB4454A9E595CB5DCA50C624220A8FA66F556CD5D3FB737C88C07320DBC111CE", "href": 
"https://www.ibm.com/support/pages/node/564141", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:51", "description": "## Summary\n\nMultiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (October 2016 CPU and January 2017 CPU)\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3259_](<https://vulners.com/cve/CVE-2017-3259>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \n\n## Affected Products and Versions\n\nIBM Control Center 6.1.0.0 through 6.1.0.1 iFix03 \nIBM Control Center 6.0.0.0 through 6.0.0.1 iFix08 \nIBM Sterling Control Center 5.4.2 through 5.4.2.1 iFix10 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Fix**| **How to acquire fix** \n---|---|---|--- \nControl Center| 6.1.0.1| iFix04| [_Fix Central - 6.1.0.1_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.0.1&platform=All&function=all>) \nControl Center| 6.0.0.1| iFix09| [_Fix Central - 6.0.0.1_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.1&platform=All&function=all>) \nControl Center| 5.4.2.1| iFix11| [_Fix Central - 5.4.2.1_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=5.4.2.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2017-3259"], "modified": "2019-12-17T22:47:42", "id": "AD89222617F895F6A68483970725D63E3E250AD136E5FC669CD376901654FE99", "href": "https://www.ibm.com/support/pages/node/557651", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:01", "description": "## Summary\n\nMultiple security vulnerabilities exist in IBM\u00ae Runtime Environment Java\u2122 Technology Edition 6.0.16.30 (and earlier) used by WebSphere Message Broker, and IBM\u00ae Runtime Environment Java\u2122 Technology Edition 7.0.9.50 (and earlier) used by WebSphere Message Broker and IBM Integration Bus, and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition 7.1.3.50 (and earlier) used by IBM Integration Bus. 
These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the IBM Java SDK Security Bulletin in the References section. \n \n**CVEID:** [_CVE-2017-3241_](<https://vulners.com/cve/CVE-2017-3241>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Integration Bus V10.0.0.0- V10.0.0.8, V9.0.0.0- V9.0.0.7 \n\nWebSphere Message Broker V8.0.0.0- V8.0.0.8\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Bus| V10.0.0.0- V10.0.0.8| IT19061 | An interim fix is available from IBM Fix Central for all platforms \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061>) \nAPAR IT19061 is targeted to be available in fix pack 10.0.0.9 \nIBM Integration Bus| V9.0.0.0- V9.0.0.7| IT19061 | An interim fix is available from IBM Fix Central for all platforms 
\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061>) \n \nAPAR IT19061 is targeted to be available in fix pack 9.0.0.8 \nWebSphere Message Broker | V8.0.0.0- V8.0.0.8| IT19061 | An interim fix is available from IBM Fix Central for all platforms \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT19061 ](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT19061>) \n \nIf you are running with a fix pack earlier than 8.0.0.7 and do not have IT03599 applied then you must upgrade your fix pack level to 8.0.0.7 or higher, or request IT19076 via IBM support. 
\n \nAPAR IT19061 is targeted to be available in fix pack 8.0.0.9 \n \n**_To address Java vulnerabilities in Toolkit_** \n \n**Product**| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nIBM Integration Toolkit| V9.0.0.0- V9.0.0.7| IT19061| An interim fix is available from IBM Fix Central \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/Integration+Bus&release=All&platform=All&function=aparId&apars=IT19061>) \nWebSphere Message Broker \nToolkit| V8.0.0.0- V8.0.0.8| IT19076 | An interim fix is available from IBM Fix Central \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars= IT19076 ](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=%20IT19076>) \n \n_For unsupported versions of the product IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n \nThe planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at: \n[http://www.ibm.com/support/docview.wss?uid=swg27006308 ](<http://www.ibm.com/support/docview.wss?uid=swg27006308>) \n \nNote: \nAs a result of the CVE-2016-2183 vulnerability, the cryptographic algorithm 3DES_EDE_CBC is no longer considered secure. Installing any of the above fixes or altering the below configuration will disable all uses of the 3DES_EDE_CBC algorithm through Java. Any cipher suite used during TLS handshaking which tries to use 3DES_EDE_CBC is not accepted. 
\n\n## Workarounds and Mitigations\n\nFor CVE-2016-2183: \nUsers can address the issue by updating the java.security file to disable the use of the 3DES_EDE_CBC algorithm. \n1\\. Edit the java.security file in the jre/lib/security directory of the IBM Integration Bus or WebSphere Message Broker installation. \nFor example: \nv10: \nc:\\Program Files\\IBM\\IIB\\10.0.0.2\\common\\jdk\\jre\\lib\\security\\java.security \n/opt/ibm/iib/10.0.0.2/common/jdk/jre/lib/security/java.security (LinuxX64 only) \n/opt/ibm/iib/10.0.0.2/common/jre/lib/security/java.security \nv9 & v8 (@ 8.0.0.7 or later): \nc:\\Program Files\\IBM\\MQSI\\9.0.0.4\\jre17\\lib\\security\\java.security \n/opt/ibm/mqsi/9.0.0.4/jre17/lib/security/java.security \nc:\\Program Files\\IBM\\MQSI\\8.0.0.6\\jre17\\lib\\security\\java.security \n/opt/ibm/mqsi/8.0.0.6/jre17/lib/security/java.security \n \n2\\. Add DESede to the jdk.tls.disabledAlgorithms property \nFor example: \njdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, MD5withRSA, DESede \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2016-5597", "CVE-2017-3241", "CVE-2017-3252"], "modified": "2020-03-23T20:41:52", "id": "380CCDF94F63E9411CB17899AD61C96C46F6EEF9CF6D334DF2C4AC51A8FD2C67", "href": "https://www.ibm.com/support/pages/node/559041", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version Java 1.8.0 SR1 FP10 used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n## Affected Products and Versions\n\nDB2 Recovery Expert for Linux, UNIX and Windows V5.1 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n**_DB2 Recovery Expert for Linux, Unix and Windows_**| _V5.1.3_| [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.1&platform=All&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.1&platform=All&function=all>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5546", "CVE-2016-5547"], "modified": "2018-06-16T13:47:47", "id": "DA1B32F1EBFA7EDFFCD008466117AFB73DD6C23F7CB38FBE5C6F5715964BBAEF", "href": "https://www.ibm.com/support/pages/node/558881", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T05:50:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 and IBM Runtime Environment Java Version 8 used by IBM Security Access Manager version 8 and 9 appliances. These issues were disclosed as part of the IBM Java SDK updates in January 2017. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3241_](<https://vulners.com/cve/CVE-2017-3241>) \n**DESCRIPTION:** An unspecified vulnerability related to the RMI component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [_CVE-2017-3261_](<https://vulners.com/cve/CVE-2017-3261>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120866_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120866>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3231_](<https://vulners.com/cve/CVE-2017-3231>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120865_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120865>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2017-3259_](<https://vulners.com/cve/CVE-2017-3259>) \n**DESCRIPTION:** An unspecified vulnerability related to the Deployment component could allow a remote attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120859_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120859>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web version 8, all firmware versions \n\nIBM Security Access Manager for Mobile version 8, all firmware versions\n\nIBM Security Access Manager version 9, all firmware versions\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web| 8.0.0.0 - 8.0.1.5| IV93204| Upgrade to 8.0.1.6:[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \n[_8.0.1-ISS-WGA-FP0006_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>) \nIBM Security Access Manager for Mobile| 8.0.0.0 - 8.0.1.5| IV93291| Upgrade to 8.0.1.6: \n[8.0.1-ISS-ISAM-FP0006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0&platform=Linux&function=all>) \nIBM Security Access Manager| 9.0 - 9.0.2.1| IV93204| Upgrade to 9.0.3.0: \n[IBM Security Access Manager V9.0.3 Multiplatform, Multilingual (CRW4EML) ](<http://www-01.ibm.com/software/passportadvantage/pacustomers.html>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, 
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-06-16T21:59:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager appliances", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2017-3231", "CVE-2017-3241", "CVE-2017-3259", "CVE-2017-3261"], "modified": "2018-06-16T21:59:48", "id": "309C257881EC1B262C362A51A26ED2456552A2DE0687635F17746EA2BB9A63D6", "href": "https://www.ibm.com/support/pages/node/560485", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:28", "description": "## Summary\n\nThere are multiple vulnerabiltities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. There is a potential cross-site scripting vulnerability in the Admin Console of WebSphere Application Server. There is a potential response splitting attack vulnerability in IBM HTTP Server. 
There are open source samba vulnerabilities in Red Hat Linux \n \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \n \n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n** \nCVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n** \nCVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n \n \n**CVEID:** [_CVE-2017-1121_](<https://vulners.com/cve/CVE-2017-1121>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121173_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121173>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-8743_](<https://vulners.com/cve/CVE-2016-8743>)** \nDESCRIPTION:** Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-2126_](<https://vulners.com/cve/CVE-2016-2126>)** \nDESCRIPTION:** Samba could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the failure of handling the PAC checksum. By using a specially-crafted Kerberos ticket, an authenticated attacker could exploit this vulnerability to gain privileges or cause the winbindd process to crash. 
\nCVSS Base Score: 6.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119906_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119906>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2125_](<https://vulners.com/cve/CVE-2016-2125>)** \nDESCRIPTION:** Samba could allow a remote authenticated attacker to gain elevated privileges on the system, caused by forwarding a Ticket Granting Ticket (TGT) to other service when using Kerberos authentication. An attacker could exploit this vulnerability to impersonate the authenticated user and gain elevated privileges on the system. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119968_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119968>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2123_](<https://vulners.com/cve/CVE-2016-2123>)** \nDESCRIPTION:** Samba is vulnerable to a heap-based buffer overflow, caused by an integer wrap flaw in the ndr_pull_dnsp_name() function. By writing specially crafted data to the Samba Active Directory ldb database dnsRecord attribute, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119969_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119969>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions and releases of IBM WebSphere Application Server: \n\n * Version 9.0 \n * Version 8.5.5 \n\n## Remediation/Fixes\n\nTo **patch an existing service instance** requires two steps: \n \n1\\. To update WebSphere Application Server refer to the IBM WebSphere Application Server bulletins listed below: \n \n[**Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2017 CPU**](<http://www-01.ibm.com/support/docview.wss?uid=swg21998379>) \n \n[**Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>) \n \n[**Security Bulletin: Potential vulnerability in IBM HTTP Server (CVE-2016-8743)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21996847>) \n \n2\\. To apply the RHEL OS updates, run **yum update.** \n \nAlternatively, delete the vulnerable service instance and create a new instance. The new maintenance will be included for version 9.0. However, for 8.5.5 you must apply the following maintenance manually. 
\n \n[**Security Bulletin: Potential vulnerability in IBM HTTP Server (CVE-2016-8743)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21996847>) \n \n[**Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T07:07:12", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in Bluemix", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2123", "CVE-2016-2125", "CVE-2016-2126", "CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-8743", "CVE-2017-1121"], "modified": "2018-06-15T07:07:12", "id": "5DFE6B79B25C44CBA008AA76D79705C9D2320EA9C2087D3E36D2BADCC47C9D82", "href": "https://www.ibm.com/support/pages/node/294641", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:09", "description": "## Summary\n\nThere are multiple 
vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5573_](<https://vulners.com/cve/CVE-2016-5573>) \n**DESCRIPTION:** An unspecified vulnerability related to the VM component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118070_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118070>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<https://vulners.com/cve/CVE-2016-7055>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos Insight 10.2.1\n * IBM Cognos Insight 10.2.2\n\n## Remediation/Fixes\n\n \nThe recommended solution is to apply the fix for versions listed as soon as practical. 
\n\n\n**Cognos Insight Standard Edition 10.2.1 Fix Pack 2 Interim Fix 8**\n\nLink:[_http://www.ibm.com/support/docview.wss?uid=swg24043926_](<http://www.ibm.com/support/docview.wss?uid=swg24043926>)\n\n**Cognos Insight Standard Edition 10.2.2.7 Interim Fix 1**\n\nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24043914_](<http://www.ibm.com/support/docview.wss?uid=swg24043914>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5552", "CVE-2016-5573", "CVE-2016-5597", "CVE-2016-7055", "CVE-2017-3732"], "modified": "2020-02-24T07:27:10", "id": "5A5125564C5E6100B8631DC69D64BB29F15CFE14C3E6A31A6DF6AD6E3808314A", "href": "https://www.ibm.com/support/pages/node/565589", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:47:33", "description": "## 
Summary\n\nMultiple security vulnerabilities affect Watson Explorer Foundational Components.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<https://vulners.com/cve/CVE-2016-8610>) \n**DESCRIPTION:** SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n**CVEID:** [_CVE-2016-2177_](<https://vulners.com/cve/CVE-2016-2177>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging unexpected malloc behavior, a remote attacker could exploit this vulnerability to trigger an integer overflow and cause the application to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. 
This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5597_](<https://vulners.com/cve/CVE-2016-5597>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5542_](<https://vulners.com/cve/CVE-2016-5542>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3252_](<https://vulners.com/cve/CVE-2017-3252>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and JRockit related to the JAAS component has no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE, Java SE Embedded and JRockit related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nTo see which vulnerabilities apply to your product and version, see the applicable row in the following table. 
\n\n**Affected Product**| **Affected Versions**| **Applicable Vulnerabilities** \n---|---|--- \nWatson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, 11.0.1| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183, CVE-2016-5597, CVE-2016-5542 \nWatson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2| CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183 \nWatson Explorer Foundational Components| 10.0.0.0 - 10.0.0.3| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183, CVE-2016-5597, CVE-2016-5542 \nWatson Explorer Foundational Components| 10.0.0.0 - 10.0.0.4| CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183 \nWatson Explorer Foundational Components| 9.0.0.0 - 9.0.0.7| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183 \nWatson Explorer Foundational Components| 9.0.0.0 - 9.0.0.8| CVE-2016-5597, CVE-2016-5542, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183 \nInfoSphere Data Explorer| 8.2 - 8.2-5| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183 \nInfoSphere Data Explorer| 8.2 - 8.2-6| CVE-2016-5597, CVE-2016-5542, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183 \n \n## Remediation/Fixes\n\nFor information about fixes, see the applicable row in the following table. The table reflects product names at the time the specified versions were released. 
\n\n**Affected Product**| **Affected Versions**| **Vulnerability**| **Fix** \n---|---|---|--- \nWatson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, 11.0.1| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183, CVE-2016-5597, CVE-2016-5542| Upgrade to Version 11.0.2<br>See [Watson Explorer Version 11.0.2 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24042892>) for downloading information and instructions. 
\nWatson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2| CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183| Upgrade to Version 11.0.2.1.<br>See [Watson Explorer Version 11.0.2.1 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043786>) for download information and instructions. \nWatson Explorer Foundational Components| 10.0.0.0 - 10.0.0.3| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183, CVE-2016-5597, CVE-2016-5542| Upgrade to Version 10.0.0.4<br>See [Watson Explorer Version 10.0.0.4 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043386>) for downloading information and instructions.<br>Note: For SUSE Linux 11, contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. \nWatson Explorer Foundational Components| 10.0.0.0 - 10.0.0.4| CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183| 1. If you have not already done so, install V10.0 Fix Pack 4 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24043386>)). If you upgrade to Version 10.0.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.<br>2. Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%20Group&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.4&platform=All&function=all#Others>): interim fix **10.0.0.4-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR4FP1** or later (for example, 10.0.0.4-WS-WatsonExplorer-EEFoundational-Linux-8SR4FP5).<br>3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). 
\nWatson Explorer Foundational Components| 9.0.0.0 - 9.0.0.7| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183| Upgrade to Version 9.0.0.8<br>See [Watson Explorer Version 9.0.0.8 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043385>) for downloading information and instructions.<br>Note: For SUSE Linux 11, contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. \nWatson Explorer Foundational Components| 9.0.0.0 - 9.0.0.8| CVE-2016-5597, CVE-2016-5542, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183| 1. If you have not already done so, install Version 9.0 Fix Pack 8 (see [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=9.0.0.4&platform=All&function=all#Watson%20Explorer>) to download Version 9.0.0.8 Standard Edition or Enterprise Edition). If you upgrade to Version 9.0.0.8 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.<br>2. Download the IBM Java Runtime, Version 7 package for your edition and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=9.0.0.6&platform=All&function=all#Others>): interim fix **9.0.0.8-WS-WatsonExplorer-<Edition>-<OS>-7.1SR4FP1** or later (for example, 9.0.0.8-WS-WatsonExplorer-EE-Linux-7.1SR4FP1).<br>3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). 
\nInfoSphere Data Explorer| 8.2 - 8.2-5| CVE-2016-8610, CVE-2016-2177, CVE-2016-2183| Upgrade to Version 8.2-6<br>See [Watson Explorer Version 8.2-6 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24043384>) for downloading information and instructions.<br>Note: For SUSE Linux 11, contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. \nInfoSphere Data Explorer| 8.2 - 8.2-6| CVE-2016-5597, CVE-2016-5542, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-2183| 1. If you have not already done so, install V8.2 Fix Pack 6 (see [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=8.2.2.0&platform=All&function=all#Data%20Explorer>) to download V8.2-6). If you upgrade to Version 8.2-6 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.<br>2. Download the IBM Java Runtime, Version 7 package for your operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=8.2.2.0&platform=All&function=all#Others>): interim fix **8.2-6-WS-DataExplorer-<OS>-7.1SR4FP1** or later (for example, 8.2-6-WS-DataExplorer-Windows-7.1SR4FP1).<br>3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T13:07:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect Watson Explorer Foundational Components", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2177", "CVE-2016-2183", "CVE-2016-5542", "CVE-2016-5546", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597", "CVE-2016-8610", "CVE-2017-3252"], "modified": "2018-06-17T13:07:33", "id": "97CF77A702900BA77E968389309024695F5A4B413BCB706E68F012C99DB07821", "href": "https://www.ibm.com/support/pages/node/287457", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. 
Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-2183_](<https://vulners.com/cve/CVE-2016-2183>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116337_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116337>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5546_](<https://vulners.com/cve/CVE-2016-5546>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120869_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120869>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-5547_](<https://vulners.com/cve/CVE-2016-5547>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120871_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120871>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5548_](<https://vulners.com/cve/CVE-2016-5548>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120864_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120864>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5549_](<https://vulners.com/cve/CVE-2016-5549>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120863_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120863>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5552_](<https://vulners.com/cve/CVE-2016-5552>) \n**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120872_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120872>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5573_](<https://vulners.com/cve/CVE-2016-5573>) \n**DESCRIPTION:** An unspecified vulnerability related to the VM component has high confidentiality impact, high integrity impact, and high availability impact. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118070_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118070>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVS