Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6CA8FBEF6881F95B35AEC18883592CFDD73B95C207E48F5F4E4D21582F66CFAA
HistoryJun 16, 2018 - 7:52 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer

2018-06-1619:52:50
www.ibm.com
24

EPSS

0.917

Percentile

98.9%

JSON

Summary

Multiple security vulnerabilities exist in the IBM SDK for Java that is included with several installations of the IBM Forms Viewer.

Vulnerability Details

The IBM Forms Viewer includes installers that bundle and use the IBM SDK for Java. This version of Java includes multiple vulnerabilities as described below:

CVEID: CVE-2014-0457**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92460 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0461**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92467 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0429**
DESCRIPTION:** An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0455**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92466 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0454**
DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92478 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-6954**
DESCRIPTION:** A remote attacker could exploit this vulnerability using specially-crafted PNG image data to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89917 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-6629**
DESCRIPTION:** An attacker could exploit this vulnerability using specially crafted JPEG image data to read uninitialized memory and obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88783 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-2401**
DESCRIPTION:** An unspecified vulnerability related to the 2D component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92485 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Forms Viewer 4.0
IBM Forms Viewer 8.0
IBM Forms Viewer 8.0.1

Remediation/Fixes

Product

| VRMF|APAR|Remediation
—|—|—|—
IBM Forms Viewer| 4.0.0.| LO80905| Install IBM Forms Viewer 4.0.0.3 Update from Fix Central
IBM Forms Viewer| 8.0.0.| LO80905| Install IBM Forms Viewer 8.0.1.1 Update from Fix Central
IBM Forms Viewer| 8.0.1.*| LO80905| Install IBM Forms Viewer 8.0.1.1 Update from Fix Central

Workarounds and Mitigations

This only occurs if the system has installed one of the two editions of the Viewer that include IBM SDK for Java. This includes

* IBM Forms Viewer (complete install)
* IBM Forms Viewer with XML Digital Signature support

Related

nessus 47
ibm 9
aix 1
redhat 7
ubuntucve 7
nvd 7
openvas 33
suse 6
mskb 5
mscve 1
mageia 2
fedora 6
veracode 24
oraclelinux 1
kaspersky 1
cvelist 7
debian 1
f5 4
slackware 1
debiancve 1
symantec 1
cve 7
securityvulns 2
prion 7
cert 1
centos 2
zdi 2
checkpoint_advisories 2
osv 1
thn 1
ubuntu 1
amazon 1
nessus
nessus
Oracle JRockit R27 < R27.8.2 / R28 < R28.3.2 Multiple Vulnerabilities (April 2014 CPU)
2014-04-18 00:00:00
RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486)
2014-05-14 00:00:00
IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)
2014-09-23 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server April 2014 CPU
2018-06-15 07:00:13
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant April 2014 CPU
2018-06-15 07:03:10
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2018-06-15 07:00:10
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition
2014-06-19 09:10:49
redhat
redhat
(RHSA-2014:0486) Critical: java-1.7.0-ibm security update
2014-05-13 00:00:00
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2014:0509) Important: java-1.5.0-ibm security update
2014-05-15 00:00:00
ubuntucve
ubuntucve
CVE-2014-2401
2014-04-16 00:00:00
CVE-2013-6954
2014-01-12 00:00:00
CVE-2013-6629
2013-11-18 00:00:00
nvd
nvd
CVE-2014-2401
2014-04-16 01:55:10
CVE-2014-0454
2014-04-16 01:55:09
CVE-2013-6629
2013-11-19 04:50:56
openvas
openvas
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0733-1)
2015-10-16 00:00:00
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4014794)
2017-04-12 00:00:00
Fedora Update for libpng12 FEDORA-2014-1766
2014-02-13 00:00:00
suse
suse
Security update for IBM Java 7 (important)
2014-06-02 22:04:12
Security update for OpenJDK (important)
2014-05-14 01:05:06
Security update for IBM Java 7 (important)
2014-05-30 02:04:16
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
mageia
mageia
Updated libpng and libpng12 packages fix security vulnerability
2014-02-16 17:28:12
Updated libpng12 package fixes security vulnerability
2014-02-16 17:29:28
fedora
fedora
[SECURITY] Fedora 20 Update: libpng15-1.5.17-2.fc20
2014-02-11 23:05:02
[SECURITY] Fedora 19 Update: libpng12-1.2.50-4.fc19
2014-02-11 23:08:02
[SECURITY] Fedora 19 Update: libpng-1.5.13-3.fc19
2014-06-10 02:54:37
veracode
veracode
Information Disclosure
2019-01-15 08:53:01
Denial Of Service (DoS)
2019-05-02 04:58:06
Information Disclosure
2019-05-02 04:58:07
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
cvelist
cvelist
CVE-2013-6629
2013-11-15 20:00:00
CVE-2013-6954
2014-01-12 15:00:00
CVE-2014-0454
2014-04-16 01:00:00
debian
debian
[SECURITY] [DSA 2923-1] openjdk-7 security update
2014-05-05 14:37:27
f5
f5
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
K15315 : Java Open JDK vulnerability CVE-2014-0429
2014-06-05 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:56
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
cve
cve
CVE-2013-6954
2014-01-12 18:34:55
CVE-2014-0454
2014-04-16 01:55:09
CVE-2014-2401
2014-04-16 01:55:10
securityvulns
securityvulns
libpng DoS
2014-02-18 00:00:00
[ MDVSA-2014:035 ] libpng
2014-02-18 00:00:00
prion
prion
Design/Logic Flaw
2014-04-16 01:55:00
Buffer overflow
2014-04-16 01:55:00
Null pointer dereference
2014-01-12 18:34:00
cert
cert
libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability
2014-01-09 00:00:00
centos
centos
libjpeg security update
2013-12-10 00:47:48
libjpeg security update
2013-12-10 01:01:49
zdi
zdi
Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability
2014-04-21 00:00:00
Oracle Java DropArguments Sandbox Bypass Remote Code Execution Vulnerability
2014-04-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java ServiceLoader Exception Handling Sandbox Bypass (CVE-2014-0457)
2014-05-04 00:00:00
Oracle Java awt_setPixels Information Disclosure (CVE-2014-0429)
2014-07-16 00:00:00
osv
osv
openjdk-7 - security update
2014-05-05 00:00:00
thn
thn
Oracle releases Critical Update to Patch 104 Vulnerabilities
2014-04-16 07:48:00
ubuntu
ubuntu
libjpeg, libjpeg-turbo vulnerabilities
2013-12-19 00:00:00
amazon
amazon
Medium: libjpeg-turbo
2013-12-17 21:32:00

EPSS

0.917

Percentile

98.9%

JSON
Related for 6CA8FBEF6881F95B35AEC18883592CFDD73B95C207E48F5F4E4D21582F66CFAA
nessus47ibm9aix1redhat7ubuntucve7nvd7openvas33suse6mskb5mscve1mageia2fedora6veracode24oraclelinux1kaspersky1cvelist7debian1f54slackware1debiancve1symantec1cve7securityvulns2prion7cert1centos2zdi2checkpoint_advisories2osv1thn1ubuntu1amazon1