Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM58FD1DDCB55CCDF528A44B993538A2A81B510E99C4CDFFC005903C0A1A55C134
HistoryAug 09, 2018 - 4:20 a.m.

Security Bulletin: Vulnerabilities in IBM Tivoli System Automation for Integrated Operations Management (Several CVE's)

2018-08-0904:20:36
www.ibm.com
32

EPSS

0.491

Percentile

97.5%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM Tivoli System Automation for Integrated Operations Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014.
(CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220, CVE-2014-4268, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4265, CVE-2014-4221, CVE-2014-4263, CVE-2014-4244, CVE-2014-4208)

Vulnerability Details

CVEID: CVE-2014-3086 DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual Machine may, under very limited circumstances, allow untrusted code running under a security manager to escalate its privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94097&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4227 DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94588&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4262 DESCRIPTION: An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94595&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4219 DESCRIPTION: An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94589&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4209 DESCRIPTION: An unspecified vulnerability related to the JMX component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94596&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4220 DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94598&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4268 DESCRIPTION: An unspecified vulnerability related to the Swing component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94602&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4218 DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94599&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4252 DESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94600&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4266 DESCRIPTION: An unspecified vulnerability related to the Serviceability component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94601&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4265 DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94597&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4221 DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94604&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4208 DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94607&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Tivoli System Automation for Integrated Operations Management 2.1.0, and 2.1.1

Remediation/Fixes

The recommended solution is to apply the fix to IBM Tivoli System Automation for Integrated Operations Management. Please see below for information on the fixes available.

  • If you are running IBM Tivoli System Automation for Integrated Operations Management 2.1.1, please apply the below mentioned iFix for version 2.1.1. You can apply this iFix on top of any fixpack of version 2.1.1.
  • If you are running IBM Tivoli System Automation for Integrated Operations Management 2.1.0, please apply the below mentioned iFix for version 2.1.0. You can apply this iFix on top of any fixpack of version 2.1.0.

Additionally, you need to install the corresponding APAR from IBM WebSphere Application Manager 6.1. Please follow the instruction on this link: http://www-947.ibm.com/support/entry/portal/alerts/websphere/websphere_application_server?productContext=224294509

<Product> VRMF APAR Remediation/First Fix
IBM Tivoli System Automation for Integrated Operations Management 2.1.1 _There will be links to the iFix for SAIOM 2.1.1 for every supported OS. _

Note: the correct link does yet not exist, but the correct link will be included here once available| _There will be links to the iFix for SAIOM 2.1.1 for every supported OS. __ _

Note: the correct link does yet not exist, but the correct link will be included here once available
IBM Tivoli System Automation for Integrated Operations Management| 2.1.0| _There will be links to the iFix for SAIOM 2.1.0 for every supported OS. __ _

Note: the correct link does yet not exist, but the correct link will be included here once available| _There will be links to the iFix for SAIOM 2.1.0 for every supported OS. __ _

Note: the correct link does yet not exist, but the correct link will be included here once available

Workarounds and Mitigations

None known, apply fixes

Related

aix 1
ibm 44
nessus 39
openvas 36
redhat 9
oraclelinux 3
amazon 2
suse 4
kaspersky 1
centos 3
debian 3
ubuntu 4
mageia 1
prion 8
ubuntucve 6
cvelist 9
cve 9
nvd 9
osv 1
thn 1
veracode 6
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition
2014-08-18 14:04:26
ibm
ibm
Security Bulletin: Multiple vulnerabilities in the IBM SDK Java™ Technology for IBM i
2019-12-18 14:26:38
Security Bulletin: IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6
2018-06-16 13:58:15
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® WebSphere Real Time
2018-06-15 07:01:12
nessus
nessus
AIX Java Advisory : java_jul2014_advisory.asc
2014-08-22 00:00:00
SuSE 11.3 Security Update : IBM Java 1.7.0 (SAT Patch Number 9616)
2014-08-20 00:00:00
RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)
2014-08-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1037-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1055-1)
2021-06-09 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Jul 2014) - Linux
2014-07-24 00:00:00
redhat
redhat
(RHSA-2014:1042) Critical: java-1.7.1-ibm security update
2014-08-11 00:00:00
(RHSA-2014:1041) Critical: java-1.7.0-ibm security update
2014-08-11 00:00:00
(RHSA-2014:1033) Critical: java-1.6.0-ibm security update
2014-08-07 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security and bug fix update
2014-07-21 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-07-31 13:52:00
Critical: java-1.7.0-openjdk
2014-07-23 14:01:00
suse
suse
Security update for openjdk (important)
2014-08-04 19:04:23
Security update for java-1_7_0-ibm (important)
2015-02-21 01:05:45
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
kaspersky
kaspersky
KLA10507 Multiple vulnerabilities in Oracle products
2014-07-17 00:00:00
centos
centos
java security update
2014-07-21 18:20:14
java security update
2014-07-16 10:46:11
java security update
2014-07-16 10:53:36
debian
debian
[SECURITY] [DSA 2980-1] openjdk-6 security update
2014-07-17 15:59:57
[SECURITY] [DSA 2987-1] openjdk-7 security update
2014-07-23 19:51:31
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:25:51
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-08-12 00:00:00
OpenJDK 7 regression
2014-08-26 00:00:00
OpenJDK 7 vulnerabilities
2014-08-20 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
2014-07-26 15:03:50
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 05:10:00
Security feature bypass
2014-08-12 00:55:00
ubuntucve
ubuntucve
CVE-2014-4208
2014-07-17 00:00:00
CVE-2014-4220
2014-07-17 00:00:00
CVE-2014-4268
2014-07-17 00:00:00
cvelist
cvelist
CVE-2014-4220
2014-07-17 02:36:00
CVE-2014-4208
2014-07-17 02:36:00
CVE-2014-4227
2014-07-17 02:36:00
cve
cve
CVE-2014-4220
2014-07-17 05:10:16
CVE-2014-4208
2014-07-17 05:10:15
CVE-2014-4227
2014-07-17 05:10:16
nvd
nvd
CVE-2014-4208
2014-07-17 05:10:15
CVE-2014-4220
2014-07-17 05:10:16
CVE-2014-3086
2014-08-12 00:55:03
osv
osv
openjdk-6 - security update
2014-11-28 00:00:00
thn
thn
Update Your Java to Patch 20 Vulnerabilities Or Just Disable it
2014-07-15 23:03:00
veracode
veracode
Authorization Bypass
2019-05-02 05:08:04
Arbitrary Code Execution
2019-05-02 05:08:03
Privilege Escalation
2020-02-12 00:05:43

EPSS

0.491

Percentile

97.5%

JSON
Related for 58FD1DDCB55CCDF528A44B993538A2A81B510E99C4CDFFC005903C0A1A55C134
aix1ibm44nessus39openvas36redhat9oraclelinux3amazon2suse4kaspersky1centos3debian3ubuntu4mageia1prion8ubuntucve6cvelist9cve9nvd9osv1thn1veracode6