Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM05A8F2E1B6274309D200B691C3FFA649E531D6AEB2C7195282A6AA8FC98D1F17
HistoryJun 15, 2018 - 7:07 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Support Assistant Team Server

2018-06-1507:07:25
www.ibm.com
11

0.005 Low

EPSS

Percentile

77.1%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8.0 used by IBM Support Assistant Team Server. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.

Vulnerability Details

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin" located in the “References” section for more information.
**** CVEID:CVE-2016-5547 DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120871 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Support Assistant Team Server version 5.0.0 - 5.0.2.3

Remediation/Fixes

The recommended solution is to install the new IBM Support Assistant Team Server 5.0.2.4.
** **For V5.0.0 through 5.0.2.3 IBM recommends upgrading to IBM Support Assistant Team Server 5.0.2.4

Workarounds and Mitigations

None

Related

ibm 130
veracode 3
prion 2
ubuntucve 2
cve 2
debiancve 1
cvelist 2
nvd 3
nessus 17
openvas 9
hackerone 7
checkpoint_advisories 1
alpinelinux 1
cloudfoundry 1
attackerkb 1
redhat 5
f5 2
oraclelinux 1
osv 2
openssl 1
threatpost 1
github 1
centos 1
kaspersky 1
fortinet 1
exploitpack 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light
2018-06-15 07:07:05
Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics (CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)
2018-06-16 13:48:00
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Service Tester.
2018-06-17 05:22:04
veracode
veracode
Unauthenticated Access
2019-05-02 06:09:31
Weak Encryption
2019-01-15 09:15:57
Information Disclosure
2017-01-09 02:06:31
prion
prion
Design/Logic Flaw
2017-01-27 22:59:00
Design/Logic Flaw
2016-09-01 00:59:00
ubuntucve
ubuntucve
CVE-2016-5547
2016-12-31 00:00:00
CVE-2016-2183
2016-08-31 00:00:00
cve
cve
CVE-2016-5547
2017-01-27 22:59:00
CVE-2016-2183
2016-09-01 00:59:00
debiancve
debiancve
CVE-2016-5547
2017-01-27 22:59:00
cvelist
cvelist
CVE-2016-5547
2017-01-27 22:01:00
CVE-2016-2183
2016-09-01 00:00:00
nvd
nvd
CVE-2016-5547
2017-01-27 22:59:00
CVE-2016-2183
2016-09-01 00:59:00
CVE-2023-0296
2023-01-17 21:15:15
nessus
nessus
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:0719-1)
2017-03-20 00:00:00
F5 Networks BIG-IP : OpenSSL vulnerability (K13167034)
2017-03-02 00:00:00
SSL Medium Strength Cipher Suites Supported (SWEET32)
2009-11-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:0719-1)
2021-06-09 00:00:00
Python < 2.7.13, 3.4.x < 3.4.7, 3.5.x < 3.5.3 Sweet32 attack (bpo-27850) - Linux
2021-11-01 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2016-1090)
2020-01-23 00:00:00
hackerone
hackerone
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
Udemy: sweet32
2017-03-31 12:18:22
Yelp: Yelp.com is vulnerable to SWEET32 attack
2017-01-18 17:43:32
checkpoint_advisories
checkpoint_advisories
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
alpinelinux
alpinelinux
CVE-2016-2183
2016-09-01 00:59:00
cloudfoundry
cloudfoundry
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
2019-10-24 00:00:00
attackerkb
attackerkb
CVE-2016-2183
2016-09-01 00:00:00
redhat
redhat
(RHSA-2019:2859) Moderate: OpenShift Container Platform 4.1.18 security update
2019-09-27 00:13:12
(RHSA-2019:1245) Moderate: Red Hat Quay 3.0.2 security and bug fix update
2019-05-20 14:11:05
(RHSA-2017:0462) Moderate: java-1.8.0-ibm security update
2017-03-08 11:18:03
f5
f5
SOL13167034 - OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
K13167034 : OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
oraclelinux
oraclelinux
python security update
2018-07-03 00:00:00
osv
osv
CVE-2016-2183
2016-09-01 00:59:00
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2183
2016-08-24 00:00:00
threatpost
threatpost
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
2016-08-24 08:00:39
github
github
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
centos
centos
python, tkinter security update
2018-07-13 16:28:09
kaspersky
kaspersky
KLA10958 Multiple vulnerabilities in Oracle Java SE
2017-01-27 00:00:00
fortinet
fortinet
Protect
2019-02-07 00:00:00
exploitpack
exploitpack
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
2017-05-30 00:00:00

0.005 Low

EPSS

Percentile

77.1%

JSON
Related for 05A8F2E1B6274309D200B691C3FFA649E531D6AEB2C7195282A6AA8FC98D1F17
ibm130veracode3prion2ubuntucve2cve2debiancve1cvelist2nvd3nessus17openvas9hackerone7checkpoint_advisories1alpinelinux1cloudfoundry1attackerkb1redhat5f52oraclelinux1osv2openssl1threatpost1github1centos1kaspersky1fortinet1exploitpack1