Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2074430FA94A5CD554B789382CC458C8EDA728B391338CD7068EE4857C3E9CBE
HistoryOct 24, 2019 - 4:16 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

2019-10-2404:16:36
www.ibm.com
18

0.083 Low

EPSS

Percentile

94.4%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.35, that is used by IBM Cloud Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2019.

Vulnerability Details

CVEID: CVE-2019-2698 DESCRIPTION: An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159790 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-2697 DESCRIPTION: An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159789 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-2602 DESCRIPTION: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159698 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159776 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-10245 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160010 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product Name Affected Versions
IBM Cloud Manager with OpenStack 4.3

Remediation/Fixes

Product VRMF Remediation / First Fix
IBM Cloud Manager with OpenStack 4.3

Upgrade to 4.3 FP 14:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.14-IBM-CMWO-FP14&source=SAR&function=fixId&parent=ibm/Other%20software

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud manager with openstackeq4.3

Related

nessus 66
openvas 31
ibm 51
redhat 13
aix 1
ubuntu 1
amazon 3
kaspersky 1
debian 2
osv 3
centos 5
oraclelinux 7
mageia 1
photon 3
suse 4
f5 1
prion 1
cvelist 1
veracode 1
cve 1
redhatcve 1
nvd 1
nessus
nessus
SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-2)
2019-06-28 00:00:00
RHEL 6 : java-1.8.0-ibm (RHSA-2019:1163)
2019-05-14 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1644-1)
2019-06-24 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:1345-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1644-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1308-2)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
2019-06-21 19:20:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
2019-12-18 14:26:38
Security Bulletin: Multiple vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect IBM® Intelligent Operations Center products
2019-08-16 10:34:03
redhat
redhat
(RHSA-2019:1164) Important: java-1.8.0-ibm security update
2019-05-13 20:58:02
(RHSA-2019:1166) Important: java-1.7.1-ibm security update
2019-05-13 20:58:23
(RHSA-2019:1163) Important: java-1.8.0-ibm security update
2019-05-13 20:57:53
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-06-28 13:47:27
ubuntu
ubuntu
OpenJDK vulnerabilities
2019-05-13 00:00:00
amazon
amazon
Important: java-11-amazon-corretto
2019-06-11 23:21:00
Important: java-1.7.0-openjdk
2019-05-16 21:42:00
Important: java-1.8.0-openjdk
2019-08-07 23:35:00
kaspersky
kaspersky
KLA11470 Multiple vulnerabilities in Oracle Java SE
2019-04-16 00:00:00
debian
debian
[SECURITY] [DSA 4453-1] openjdk-8 security update
2019-05-29 21:15:56
[SECURITY] [DLA 1782-1] openjdk-7 security update
2019-05-10 16:39:02
osv
osv
openjdk-8 - security update
2019-05-29 00:00:00
openjdk-7 - security update
2019-05-10 00:00:00
CVE-2019-10245
2019-04-19 14:29:00
centos
centos
java security update
2019-04-19 18:53:44
java security update
2019-04-22 22:45:55
java security update
2019-04-22 22:47:39
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2019-04-22 00:00:00
java-1.8.0-openjdk security update
2019-04-17 00:00:00
java-1.8.0-openjdk security and bug fix update
2019-04-17 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-05-08 00:38:09
photon
photon
Important Photon OS Security Update - PHSA-2019-0232
2019-05-09 00:00:00
Critical Photon OS Security Update - PHSA-2019-0014
2019-05-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0159
2019-05-10 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-05-23 00:00:00
Security update for java-11-openjdk (moderate)
2019-05-04 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
f5
f5
K07519400 : Java SE vulnerabilities CVE-2019-2602, CVE-2019-2698, CVE-2019-2945, and CVE-2019-2962
2022-06-10 00:00:00
prion
prion
Code injection
2019-04-19 14:29:00
cvelist
cvelist
CVE-2019-10245
2019-04-19 13:43:31
veracode
veracode
Denial Of Service
2019-05-16 04:17:27
cve
cve
CVE-2019-10245
2019-04-19 14:29:00
redhatcve
redhatcve
CVE-2019-10245
2019-10-13 19:59:00
nvd
nvd
CVE-2019-10245
2019-04-19 14:29:00

0.083 Low

EPSS

Percentile

94.4%

JSON
Related for 2074430FA94A5CD554B789382CC458C8EDA728B391338CD7068EE4857C3E9CBE
nessus66openvas31ibm51redhat13aix1ubuntu1amazon3kaspersky1debian2osv3centos5oraclelinux7mageia1photon3suse4f51prion1cvelist1veracode1cve1redhatcve1nvd1