There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in October 2018 and January 2019.
CVEID: CVE-2018-3180
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 5.6
CVSS Temporal Score: See[ ](<See https://exchange.xforce.ibmcloud.com/vulnerabilities/151497>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score
CVSS Environmental Score*: 4.9
CVSS Vector: (CVSS:3.0/ AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
VEID: CVE-2018-1890
DESCRIPTION: BM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score
CVSS Environmental Score*: 1.8
CVSS Vector: (CVSS:3.0/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM Control Center 6.0.0.0 through 6.0.0.2 iFix05
IBM Control Center 6.1.0.0 through 6.1.2.0 iFix01
Product
|
VRMF
|
iFix
|
APAR
|
Remediation / First Fix
—|—|—|—|—
IBM Control Center
|
6.0.0.2
|
iFix06
|
IT28645
|
IBM Control Center
|
6.1.2.0
|
iFix02
|
IT28646
|
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | any |