Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660
HistoryJan 16, 2019 - 10:10 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-2579, CVE-2018-2603, CVE-2018-2783)

2019-01-1622:10:01
www.ibm.com
13

0.003 Low

EPSS

Percentile

71.3%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.
UPDATED 1/16/2019: Changed “First Fixing VRM Level” in Remediation/Fixes table for 8.1 from 8.1.6 to 8.1.6.100.

Vulnerability Details

CVEID: CVE-2018-2579 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-2603 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

This vulnerability affects the IBM Spectrum Protect Server levels 8.1.3.0 through 8.1.5.x.

Note that releases 8.1.3.0 and below of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server are not affected.

Remediation/Fixes

BM Spectrum Protect Server Release |First Fixing
VRM Level|Platform|_Link to Fix _
—|—|—|—
8.1 | 8.1.6.100 |

AIX
Linux
Windows

|

<ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server&gt;

.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protecteq8.1

Related

ibm 149
nvd 3
cve 3
ubuntucve 3
cvelist 3
debiancve 3
prion 3
redhatcve 3
veracode 3
openvas 8
f5 1
nessus 11
redhat 4
suse 1
centos 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-2579, CVE-2018-2693, CVE-2018-2783)
2018-08-28 00:04:56
Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2783)
2022-02-01 11:19:59
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest
2018-08-09 16:40:25
nvd
nvd
CVE-2018-2579
2018-01-18 02:29:18
CVE-2018-2603
2018-01-18 02:29:19
CVE-2018-2783
2018-04-19 02:29:03
cve
cve
CVE-2018-2579
2018-01-18 02:29:18
CVE-2018-2783
2018-04-19 02:29:03
CVE-2018-2603
2018-01-18 02:29:19
ubuntucve
ubuntucve
CVE-2018-2579
2018-01-17 00:00:00
CVE-2018-2783
2018-04-18 00:00:00
CVE-2018-2603
2018-01-17 00:00:00
cvelist
cvelist
CVE-2018-2579
2018-01-18 02:00:00
CVE-2018-2783
2018-04-19 02:00:00
CVE-2018-2603
2018-01-18 02:00:00
debiancve
debiancve
CVE-2018-2579
2018-01-18 02:29:18
CVE-2018-2783
2018-04-19 02:29:03
CVE-2018-2603
2018-01-18 02:29:19
prion
prion
Design/Logic Flaw
2018-01-18 02:29:00
Design/Logic Flaw
2018-04-19 02:29:00
Design/Logic Flaw
2018-01-18 02:29:00
redhatcve
redhatcve
CVE-2018-2783
2019-10-10 04:11:28
CVE-2018-2579
2019-10-23 12:50:14
CVE-2018-2603
2019-10-11 10:17:03
veracode
veracode
Information Disclosure
2019-01-15 09:20:22
Authorization Bypass
2019-01-15 09:23:40
Improper Access Control
2019-05-16 02:18:41
openvas
openvas
Oracle Java SE Security Updates (apr2018-3678067) 01 - Windows
2018-04-18 00:00:00
Oracle Java SE Security Updates (apr2018-3678067) 01 - Linux
2018-04-19 00:00:00
Oracle Java SE Security Updates (jan2018-3236628) 03 - Windows
2018-01-17 00:00:00
f5
f5
K44923228 : Oracle Java SE vulnerability CVE-2018-2783
2018-05-10 00:00:00
nessus
nessus
F5 Networks BIG-IP : Oracle Java SE vulnerability (K44923228)
2018-11-02 00:00:00
RHEL 7 : java-1.7.0-oracle (RHSA-2018:0100)
2018-01-19 00:00:00
Oracle JRockit R28.3.16 Multiple Vulnerabilities (January 2018 CPU)
2018-01-18 00:00:00
redhat
redhat
(RHSA-2018:0100) Important: java-1.7.0-oracle security update
2018-01-18 21:10:33
(RHSA-2018:0099) Critical: java-1.8.0-oracle security update
2018-01-18 21:10:05
(RHSA-2018:0115) Important: java-1.6.0-sun security update
2018-01-22 20:29:11
suse
suse
Security update for java-1_8_0-openjdk (important)
2018-03-15 03:07:22
centos
centos
java security update
2018-01-18 12:01:26

0.003 Low

EPSS

Percentile

71.3%

JSON
Related for 36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660
ibm149nvd3cve3ubuntucve3cvelist3debiancve3prion3redhatcve3veracode3openvas8f51nessus11redhat4suse1centos1