Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM10EF79AC52F94215AAE9A9390071778FDE4F6F8BF449438F29D04F1AC5201E39
HistoryJun 16, 2018 - 9:38 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

2018-06-1621:38:46
www.ibm.com
16

0.286 Low

EPSS

Percentile

96.9%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM Security Guardium (versions 9x and 10 respectively). These issues were disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVEID: CVE-2015-4868**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107348&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4810**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107349&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4806**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107350&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-4871**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107351&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-4902**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107352&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107361&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4911**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107360&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4893**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107359&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4840**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107353&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-4842**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the JAXP component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107355&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-4882**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the CORBA component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107354&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4903**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the RMI component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107357&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-4803**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107358&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4734**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the JGSS component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107356&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-5006**
DESCRIPTION:** IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106309&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2015-4844**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107346&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4843**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107342&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4805**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Serialization component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107345&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4860**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the RMI component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107344&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4883**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the RMI component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107343&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4881**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the CORBA component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107341&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4835**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the CORBA component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107340&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Security Guardium 9x
IBM Security Guardium 10

Remediation/Fixes

IBM InfoSphere Guardium

| 9.x| PSIRT 63859| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6017_SecurityUpdate&includeSupersedes=0&source=fc
_ _
—|—|—|—
IBM InfoSphere Guardium | 10| PSIRT 63859| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6017_SecurityUpdate&includeSupersedes=0&source=fc

Get Notified about Future Security Bulletins

Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html&gt;) to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Complete CVSS v3 Guide
On-line Calculator v3

Off

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES ““AS IS”” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. “Affected Products and Versions” referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

[{“Product”:{“code”:“SSMPHH”,“label”:“IBM Security Guardium”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:“Not Applicable”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“10.0;9.0;9.1;9.5”,“Edition”:“”,“Line of Business”:{“code”:“LOB24”,“label”:“Security Software”}}]

Related

ibm 23
nessus 54
archlinux 6
redhat 12
openvas 46
suse 17
amazon 3
ubuntu 2
oraclelinux 4
centos 4
debian 3
veracode 19
mageia 1
aix 1
kaspersky 1
freebsd 1
f5 2
ibm
ibm
Security Bulletin: Multiple Java Vulnerabilities fixed in IBM Security Directory Server
2018-06-16 21:39:03
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
2018-06-16 21:38:16
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
2019-12-18 14:26:38
nessus
nessus
RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:2506)
2015-11-24 00:00:00
Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1920)
2015-10-22 00:00:00
RHEL 5 : java-1.7.0-ibm (RHSA-2015:2507)
2015-11-24 00:00:00
archlinux
archlinux
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00
jre7-openjdk: multiple issues
2015-10-23 00:00:00
redhat
redhat
(RHSA-2015:1928) Important: java-1.6.0-sun security update
2015-10-22 18:21:17
(RHSA-2015:2507) Critical: java-1.7.0-ibm security update
2015-11-23 00:00:00
(RHSA-2015:2509) Critical: java-1.8.0-ibm security update
2015-11-23 12:28:59
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Oct 2015) - Linux
2015-10-27 00:00:00
Oracle: Security Advisory (ELSA-2015-1921)
2015-10-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1874-1)
2021-04-19 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-04 17:12:29
Security update for java-1_7_0-openjdk (important)
2015-11-04 16:14:26
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:34:56
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.8.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-10-21 23:24:30
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:13:49
debian
debian
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
veracode
veracode
Authentication Bypass
2019-05-02 05:19:32
Information Disclosure
2019-05-02 05:19:32
Authentication Bypass
2019-05-02 05:19:32
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
kaspersky
kaspersky
KLA10683 Multiple vulnerabilities in Oracle Java SE
2015-10-20 00:00:00
freebsd
freebsd
java -- multiple vulnerabilities
2015-10-20 00:00:00
f5
f5
Multiple Java vulnerabilities
2015-11-26 18:23:00
SOL05200155 - Multiple Java vulnerabilities
2015-11-26 00:00:00

0.286 Low

EPSS

Percentile

96.9%

JSON
Related for 10EF79AC52F94215AAE9A9390071778FDE4F6F8BF449438F29D04F1AC5201E39
ibm23nessus54archlinux6redhat12openvas46suse17amazon3ubuntu2oraclelinux4centos4debian3veracode19mageia1aix1kaspersky1freebsd1f52