Security Bulletin: A Vulnerability in the Java runtime environment that IBM provides affects WebSphere DataPower XC10 Appliance

2018-09-1215:50:32

www.ibm.com

EPSS

0.003

Percentile

66.4%

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 7 that affects the WebSphere DataPower XC10 Appliance. This issue was disclosed as part of the IBM SDK, Java™ Technology Edition updates in April 2018.

Vulnerability Details

CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

WebSphere DataPower XC10 Appliance Version 2.5

Remediation/Fixes

Product	VRMF	APAR	Remediation/First Fix
WebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X	Version 2.5 with SSD drivers
Important: See More Information link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the `show ssd-version` command.	IT25655	Refer to theVersion 2.5 table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.5 virtual image	2.5	IT25655	Refer to the Version 2.5 table in Recommended fixes for WebSphere DataPower XC10 Appliance.