There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVEID: CVE-2015-0410
DESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-6593
DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
IBM MessageSight V1.2 and earlier
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT07005| 1.1.0.1-IBM-IMA-IFIT07005
IBM MessageSight| 1.2| IT07005| 1.2.0.0-IBM-IMA-IFIT07005