Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0CFFBB28495925D8A13A06FF1EEE34923E83D8EC534C0E1F6C1EC5A4FD8925E2
HistoryJun 18, 2018 - 12:35 a.m.

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 - July 2017

2018-06-1800:35:43
www.ibm.com
9

0.002 Low

EPSS

Percentile

59.7%

JSON

Summary

There are multiple vulnerabilities in IBM SDK, Java Technology Edition, Versions 6, 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2017.

Vulnerability Details

CVEID: CVE-2017-10067**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128831 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-10115**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128876 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-10116**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB, 3957-VEC) prior to and including the following are affected:

Machine Type

| Model|Version
—|—|—
3957| V06| 8.21.0.178
3957| VEA| 8.21.0.178
3957| V07| 8.41.101.10
3957| VEB| 8.41.101.10
3957| VEC| 8.41.101.10

Remediation/Fixes

Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of VTD_EXEC.269. Minimum microcode levels are shown below:

Machine Type

| Model|Fix
—|—|—
3957| V06| Upgrade to 8.21.0.178 + VTD_EXEC.269
3957| VEA| Upgrade to 8.21.0.178 + VTD_EXEC.269
3957| V07| Upgrade to 8.33.2.9 + VTD_EXEC.269
-OR-
Upgrade to 8.40.2.12 + VTD_EXEC.269
-OR-
Upgrade to 8.41.101.10 + VTD_EXEC.269
3957| VEB| Upgrade to 8.33.2.9 + VTD_EXEC.269
-OR-
Upgrade to 8.40.2.12 + VTD_EXEC.269
-OR-
Upgrade to 8.41.101.10 + VTD_EXEC.269
3957| VEC| Upgrade to 8.40.2.12 + VTD_EXEC.269
-OR-
Upgrade to 8.41.101.10 + VTD_EXEC.269

The minimum VTD_EXEC version is shown below:

VTD_EXEC Package Version
VTD_EXEC.269 v1.05

Workarounds and Mitigations

Although IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.

Related

ibm 98
prion 3
cvelist 3
debiancve 3
cve 3
ubuntucve 3
veracode 3
nvd 3
f5 2
nessus 31
redhat 7
amazon 2
ics 1
openvas 20
oraclelinux 2
centos 2
osv 3
debian 3
mageia 1
suse 3
ubuntu 2
aix 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Streams
2018-06-16 14:17:38
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for Bluemix July 2017 CPU
2018-06-15 07:08:02
Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.
2018-06-18 01:38:36
prion
prion
Code injection
2017-08-08 15:29:00
Design/Logic Flaw
2017-08-08 15:29:00
Code injection
2017-08-08 15:29:00
cvelist
cvelist
CVE-2017-10116
2017-08-08 15:00:00
CVE-2017-10067
2017-08-08 15:00:00
CVE-2017-10115
2017-08-08 15:00:00
debiancve
debiancve
CVE-2017-10067
2017-08-08 15:29:02
CVE-2017-10115
2017-08-08 15:29:03
CVE-2017-10116
2017-08-08 15:29:03
cve
cve
CVE-2017-10116
2017-08-08 15:29:03
CVE-2017-10067
2017-08-08 15:29:02
CVE-2017-10115
2017-08-08 15:29:03
ubuntucve
ubuntucve
CVE-2017-10116
2017-07-20 00:00:00
CVE-2017-10067
2017-07-20 00:00:00
CVE-2017-10115
2017-07-20 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 06:30:38
Privilege Escalation
2019-05-02 06:30:40
Privilege Escalation
2019-05-02 06:30:40
nvd
nvd
CVE-2017-10067
2017-08-08 15:29:02
CVE-2017-10115
2017-08-08 15:29:03
CVE-2017-10116
2017-08-08 15:29:03
f5
f5
K91024405 : Java SE vulnerability CVE-2017-10115
2017-10-12 00:00:00
K35104614 : Java SE vulnerability CVE-2017-10116
2017-11-02 00:00:00
nessus
nessus
RHEL 6 : java-1.6.0-ibm (RHSA-2017:2530)
2017-08-25 00:00:00
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-860)
2017-07-26 00:00:00
EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2017-1207)
2017-09-11 00:00:00
redhat
redhat
(RHSA-2017:2530) Critical: java-1.6.0-ibm security update
2017-08-23 09:00:41
(RHSA-2017:2481) Critical: java-1.7.1-ibm security update
2017-08-15 19:33:56
(RHSA-2017:2424) Critical: java-1.7.0-openjdk security update
2017-08-07 12:19:22
amazon
amazon
Critical: java-1.8.0-openjdk
2017-07-25 17:54:00
Critical: java-1.7.0-openjdk
2017-08-15 17:30:00
ics
ics
PHOENIX CONTACT mGuard Device Manager
2017-09-19 12:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1207)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1208)
2020-01-23 00:00:00
RedHat Update for java-1.7.0-openjdk RHSA-2017:2424-01
2017-08-08 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2017-08-09 00:00:00
java-1.8.0-openjdk security update
2017-07-20 00:00:00
centos
centos
java security update
2017-08-15 20:23:35
java security update
2017-07-21 10:40:59
osv
osv
openjdk-7 - security update
2017-08-25 00:00:00
openjdk-7 - security update
2017-08-29 00:00:00
openjdk-8 - security update
2017-07-25 00:00:00
debian
debian
[SECURITY] [DSA 3954-1] openjdk-7 security update
2017-08-25 19:59:27
[SECURITY] [DSA 3919-1] openjdk-8 security update
2017-07-25 20:04:45
[SECURITY] [DLA 1073-1] openjdk-7 security update
2017-08-28 22:13:19
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-07-30 18:58:51
suse
suse
Security update for java-1_7_1-ibm (important)
2017-08-29 12:09:29
Security update for java-1_7_1-ibm (important)
2017-08-29 12:10:00
Security update for java-1_8_0-ibm (important)
2017-08-25 18:23:03
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2017-08-18 00:00:00
OpenJDK 8 regression
2017-07-31 00:00:00
aix
aix
There are multiple vulnerabilities in IBM SDK Java Technology Edition
2017-09-01 08:58:20

0.002 Low

EPSS

Percentile

59.7%

JSON
Related for 0CFFBB28495925D8A13A06FF1EEE34923E83D8EC534C0E1F6C1EC5A4FD8925E2
ibm98prion3cvelist3debiancve3cve3ubuntucve3veracode3nvd3f52nessus31redhat7amazon2ics1openvas20oraclelinux2centos2osv3debian3mageia1suse3ubuntu2aix1