There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by Tivoli Security Policy Manager (TSPM). TSPM has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with TSPM.
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. Please refer to the IBM Java SDK Security Bulletin, located in the References section, for more information.
|
CVEID: CVE-2017-10102
DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128863 for the current score.
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2017-10116
DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2017-10115
DESCRIPTION: An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128876 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
—|—
Product Version
| WebSphere version
—|—
TSPM 7.1| WAS V6.1, V7.0
Product Version | WebSphere version |
---|---|
RTSS 7.1 | WAS V6.1, 7,0, 8.0 |
Note: TSPM is comprised of TSPM and Runtime Security Services (RTSS).
Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server shipped with TSPM:
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
Tivoli Security Policy Manager, V7.1 | WAS V6.1, V7.0 | Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU |
None.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli security policy manager | eq | 7.1 |