Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5732370F4F8B5D39FBC3A44413C65B26F02167FF38729A805C868D677C534946
HistoryJun 16, 2018 - 10:02 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Security Policy Manager

2018-06-1622:02:02
www.ibm.com
24

0.002 Low

EPSS

Percentile

59.7%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by Tivoli Security Policy Manager (TSPM). TSPM has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with TSPM.

Vulnerability Details

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. Please refer to the IBM Java SDK Security Bulletin, located in the References section, for more information.

|
CVEID: CVE-2017-10102
DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128863 for the current score.
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-10116
DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-10115
DESCRIPTION: An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128876 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
—|—

Affected Products and Versions

Product Version

| WebSphere version
—|—
TSPM 7.1| WAS V6.1, V7.0

Product Version WebSphere version
RTSS 7.1 WAS V6.1, 7,0, 8.0

Note: TSPM is comprised of TSPM and Runtime Security Services (RTSS).

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server shipped with TSPM:

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
Tivoli Security Policy Manager, V7.1 WAS V6.1, V7.0 Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2017 CPU

Workarounds and Mitigations

None.

CPENameOperatorVersion
tivoli security policy managereq7.1

Related

ibm 98
prion 3
ubuntucve 3
f5 3
cvelist 3
veracode 3
cve 3
nvd 3
debiancve 3
ics 1
nessus 30
redhat 7
amazon 2
openvas 20
oraclelinux 2
centos 2
mageia 1
suse 3
ubuntu 2
aix 1
osv 3
debian 3
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender
2018-08-09 03:24:58
Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository (CVE-2017-10102, CVE-2017-10116, CVE-2017-10115)
2018-06-15 07:08:03
Security Bulletin: Multiple security vulnerabilities has been identified in IBM® Java SDK which affects Websphere Application Server shipped with Tivoli Integrated Portal
2018-06-17 15:46:35
prion
prion
Design/Logic Flaw
2017-08-08 15:29:00
Design/Logic Flaw
2017-08-08 15:29:00
Code injection
2017-08-08 15:29:00
ubuntucve
ubuntucve
CVE-2017-10102
2017-07-20 00:00:00
CVE-2017-10116
2017-07-20 00:00:00
CVE-2017-10115
2017-07-20 00:00:00
f5
f5
K11936401 : Java SE vulnerability CVE-2017-10102
2017-10-12 00:00:00
K35104614 : Java SE vulnerability CVE-2017-10116
2017-11-02 00:00:00
K91024405 : Java SE vulnerability CVE-2017-10115
2017-10-12 00:00:00
cvelist
cvelist
CVE-2017-10116
2017-08-08 15:00:00
CVE-2017-10115
2017-08-08 15:00:00
CVE-2017-10102
2017-08-08 15:00:00
veracode
veracode
Privilege Escalation
2019-05-02 06:30:40
Privilege Escalation
2019-05-02 06:30:40
Privilege Escalation
2019-05-02 06:30:40
cve
cve
CVE-2017-10102
2017-08-08 15:29:03
CVE-2017-10116
2017-08-08 15:29:03
CVE-2017-10115
2017-08-08 15:29:03
nvd
nvd
CVE-2017-10115
2017-08-08 15:29:03
CVE-2017-10116
2017-08-08 15:29:03
CVE-2017-10102
2017-08-08 15:29:03
debiancve
debiancve
CVE-2017-10115
2017-08-08 15:29:03
CVE-2017-10102
2017-08-08 15:29:03
CVE-2017-10116
2017-08-08 15:29:03
ics
ics
PHOENIX CONTACT mGuard Device Manager
2017-09-19 12:00:00
nessus
nessus
RHEL 6 : java-1.6.0-ibm (RHSA-2017:2530)
2017-08-25 00:00:00
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-860)
2017-07-26 00:00:00
Oracle JRockit R28.3.14 Multiple Vulnerabilities (July 2017 CPU)
2017-07-20 00:00:00
redhat
redhat
(RHSA-2017:2530) Critical: java-1.6.0-ibm security update
2017-08-23 09:00:41
(RHSA-2017:2481) Critical: java-1.7.1-ibm security update
2017-08-15 19:33:56
(RHSA-2017:2424) Critical: java-1.7.0-openjdk security update
2017-08-07 12:19:22
amazon
amazon
Critical: java-1.8.0-openjdk
2017-07-25 17:54:00
Critical: java-1.7.0-openjdk
2017-08-15 17:30:00
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1208)
2020-01-23 00:00:00
RedHat Update for java-1.7.0-openjdk RHSA-2017:2424-01
2017-08-08 00:00:00
CentOS Update for java CESA-2017:2424 centos6
2017-08-16 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2017-08-09 00:00:00
java-1.8.0-openjdk security update
2017-07-20 00:00:00
centos
centos
java security update
2017-08-15 20:23:35
java security update
2017-07-21 10:40:59
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2017-07-30 18:58:51
suse
suse
Security update for java-1_7_1-ibm (important)
2017-08-29 12:09:29
Security update for java-1_7_1-ibm (important)
2017-08-29 12:10:00
Security update for java-1_8_0-ibm (important)
2017-08-25 18:23:03
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2017-08-18 00:00:00
OpenJDK 8 regression
2017-07-31 00:00:00
aix
aix
There are multiple vulnerabilities in IBM SDK Java Technology Edition
2017-09-01 08:58:20
osv
osv
openjdk-7 - security update
2017-08-29 00:00:00
openjdk-7 - security update
2017-08-25 00:00:00
openjdk-8 - security update
2017-07-25 00:00:00
debian
debian
[SECURITY] [DLA 1073-1] openjdk-7 security update
2017-08-28 22:13:19
[SECURITY] [DSA 3954-1] openjdk-7 security update
2017-08-25 19:59:27
[SECURITY] [DSA 3919-1] openjdk-8 security update
2017-07-25 20:04:45

0.002 Low

EPSS

Percentile

59.7%

JSON
Related for 5732370F4F8B5D39FBC3A44413C65B26F02167FF38729A805C868D677C534946
ibm98prion3ubuntucve3f53cvelist3veracode3cve3nvd3debiancve3ics1nessus30redhat7amazon2openvas20oraclelinux2centos2mageia1suse3ubuntu2aix1osv3debian3