There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and 8 used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs.
CVEID: CVE-2020-14579
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185057 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2020-14578
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185056 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2020-14577
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-17639
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to obtain sensitive information, caused by the premature return of the current method with an undefined return value. By invoking the System.arraycopy method with a length longer than the length of the source or destination array, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Sterling Connect Direct for Microsoft Windows | 4.7.0.7 - 4.7.0.7_iFix020 |
IBM Sterling Connect Direct for Microsoft Windows | 4.8.0.3 - 4.8.0.3_iFix027 |
IBM Connect Direct for Microsoft Windows | 6.0.0.3 - 6.0.0.4_iFix027 |
IBM Connect Direct for Microsoft Windows | 6.1.0.0 - 6.1.0.2_iFix002 |
Affected Product(s) | Version(s) | APAR | Remediation / First Fix |
---|---|---|---|
Sterling Connect Direct for Microsoft Windows | 4.7 | IT36157 | Apply 4.7.0.7_iFix021, available on Fix Central |
IBM Sterling Connect Direct for Microsoft Windows | 4.8 | IT36157 | Apply 4.8.0.3_iFix028, available on Fix Central |
IBM Connect Direct for Microsoft Windows | 6.0 | IT36157 | Apply 6.0.0.4_iFix028, available on Fix Central |
IBM Connect Direct for Microsoft Windows | 6.1 | IT36157 | Apply 6.1.0.2_iFix003, available on Fix Central |
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.
None