Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Fri Jul 31 13:04:25 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc https://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc...

Oracle Java SE CVE-2015-2590 Remote Security Vulnerability

Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Wed Jun 3 12:58:42 CDT 2015 |Updated: Wed Jun 3 16:10:11 CDT 2015 |Update: Corrected affected fileset levels The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javaapril2015advisory.asc...

Important: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)

The version of Java SDK installed on the remote host is affected by multiple vulnerabilities : - A man-in-the-middle information disclosure vulnerability exists due to a TLS security downgrade flaw. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORTRSA ciph...

IBM WebSphere Application Server 7.0 < Fix Pack 37 Multiple Vulnerabilities (POODLE)

The IBM WebSphere Application Server running on the remote host is version 7.0 prior to Fix Pack 37. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles...

JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...

AIX Java Advisory : java_oct2014_advisory.asc (POODLE)

The version of Java SDK installed on the remote host is affected by the following vulnerabilities : - A privilege escalation vulnerability in the IBM Java SDK allows a local attacker to inject arbitrary code into the shared classes cache due to a flaw in the default configuration for the shared...

AIX Java Advisory : java_jan2014_advisory.asc

The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities : - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in XML document parsing. CVE-2013-5878, CVE-2013-5910 - An information disclosure flaw...

JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

CVE-2013-0485

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries...

Design/Logic Flaw

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries...

CVE-2013-0485

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries...

CVE-2013-0485

CVE-2013-0485 refers to an unspecified vulnerability in IBM Java SDK versions (7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16) with unknown impact/attack vectors related to Class Libraries. Connected advisories note the issue affecting IBM Rational Developer ...

IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 8 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A CSRF vulnerability exists in IBM WebSphere Application Server due to improper validation of portlets in the Administrative...

IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)

According to its banner, the version of IBM Domino formerly IBM Lotus Domino on the remote host is 9.x earlier than 9.0.1. It is, therefore, affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of IBM JRE that contains numerous security issues...

IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)

The remote host has a version of IBM Domino formerly Lotus Domino 9.x prior to 9.0.1 installed. It is, therefore, reportedly affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of IBM JRE that contains numerous security issues. CVE-2013-0809,...

JDK: unspecified sandbox bypass (XML)

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL...

JDK: unspecified sandbox bypass (JVM)

Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors...

CVE-2013-5375

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL...