Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM75847106DDA59D969AC0CC5D5D85844498E31446EE547D1D9B1A4B491F5FCBF2
HistoryJun 08, 2021 - 9:47 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway

2021-06-0821:47:38
www.ibm.com
24

0.002 Low

EPSS

Percentile

57.9%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM DataPower Gateway. IBM DataPower Gateway has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163878 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2019-2762 DESCRIPTION: An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163826 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2769 DESCRIPTION: An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163832 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected IBM DataPower Gateway Affected Versions
IBM DataPower Gateway 2018.4.1.0 - 2018.4.1.7
IBM DataPower Gateway 7.6.0.0 - 7.6.0.16

Remediation/Fixes

Product VRMF APAR Remediation / First Fix
IBM DataPower Gateway 2018.4.1.8 IT30265 Install the fix pack
IBM DataPower Gateway 7.6.0.17 IT30265 Install the fix pack

Workarounds and Mitigations

None

Monitor IBM Cloud Status for Future Security Bulletins

Monitor the security notifications on the IBM Cloud Status page to be advised of future security bulletins.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

6 November 2019: Initial version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{“Business Unit”:{“code”:“BU053”,“label”:“Cloud & Data Platform”},“Product”:{“code”:“SS9H2Y”,“label”:“IBM DataPower Gateway”},“Component”:“”,“Platform”:[{“code”:“PF009”,“label”:“Firmware”}],“Version”:“All Versions”,“Edition”:“”,“Line of Business”:{“code”:“LOB45”,“label”:“Automation”}}]

CPENameOperatorVersion
ibm datapower gatewayeqany

Related

ibm 39
osv 3
debian 3
openvas 26
nessus 65
redhat 13
centos 5
oraclelinux 7
amazon 5
mageia 1
photon 1
ubuntu 2
suse 2
f5 1
debiancve 3
prion 3
cvelist 3
ubuntucve 3
redhatcve 3
veracode 3
nvd 3
alpinelinux 2
cve 3
ibm
ibm
Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2019 - Includes Oracle Jul 2019 CPU
2020-05-21 10:13:59
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Global Name Management (CVE-2019-2769, CVE-2019-2762, CVE-2019-2816).
2022-04-20 17:04:55
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM (CVE-2019-2816, CVE-2019-2762, CVE-2019-2769)
2020-02-24 16:39:30
osv
osv
openjdk-7 - security update
2019-08-15 00:00:00
openjdk-8 - security update
2019-07-21 00:00:00
openjdk-11 - security update
2019-07-21 00:00:00
debian
debian
[SECURITY] [DLA 1886-1] openjdk-7 security update
2019-08-15 21:57:38
[SECURITY] [DSA 4485-1] openjdk-8 security update
2019-07-21 18:01:49
[SECURITY] [DSA 4486-1] openjdk-11 security update
2019-07-21 18:05:03
openvas
openvas
Debian: Security Advisory (DLA-1886-1)
2019-08-16 00:00:00
Oracle Java SE Security Updates (jul2019-5072835) 03 - Windows
2019-07-17 00:00:00
Oracle Java SE Security Updates (jul2019-5072835) 03 - Linux
2019-07-17 00:00:00
nessus
nessus
Photon OS 2.0: Openjdk8 PHSA-2019-2.0-0173
2019-09-12 00:00:00
RHEL 6 : java-1.7.1-ibm (RHSA-2019:2494)
2019-08-20 00:00:00
RHEL 7 : java-1.7.1-ibm (RHSA-2019:2495)
2019-08-20 00:00:00
redhat
redhat
(RHSA-2019:2494) Important: java-1.7.1-ibm security update
2019-08-15 08:51:37
(RHSA-2019:2495) Important: java-1.7.1-ibm security update
2019-08-15 08:51:41
(RHSA-2019:1811) Moderate: java-1.8.0-openjdk security update
2019-07-22 11:45:26
centos
centos
java security update
2019-07-24 20:19:55
java security update
2019-07-24 20:29:31
java security update
2019-07-24 20:27:45
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2019-07-24 00:00:00
java-1.8.0-openjdk security update
2019-07-23 00:00:00
java-1.7.0-openjdk security update
2019-07-24 00:00:00
amazon
amazon
Medium: java-1.7.0-openjdk
2019-08-23 16:53:00
Medium: java-1.8.0-openjdk
2019-08-23 16:55:00
Medium: java-1.7.0-openjdk
2019-08-23 03:14:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2019-09-07 00:09:08
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0250
2019-09-10 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2019-07-31 00:00:00
OpenJDK 11 vulnerabilities
2019-07-31 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-08-15 00:00:00
Security update for java-11-openjdk (important)
2019-08-15 00:00:00
f5
f5
K000133456 : OpenJDK vulnerabilities CVE-2019-2766, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842
2023-04-10 00:00:00
debiancve
debiancve
CVE-2019-2762
2019-07-23 23:15:39
CVE-2019-2816
2019-07-23 23:15:43
CVE-2019-2769
2019-07-23 23:15:40
prion
prion
Code injection
2019-07-23 23:15:00
Code injection
2019-07-23 23:15:00
Design/Logic Flaw
2019-07-23 23:15:00
cvelist
cvelist
CVE-2019-2769
2019-07-23 22:31:45
CVE-2019-2762
2019-07-23 22:31:44
CVE-2019-2816
2019-07-23 22:31:48
ubuntucve
ubuntucve
CVE-2019-2762
2019-07-23 00:00:00
CVE-2019-2769
2019-07-23 00:00:00
CVE-2019-2816
2019-07-23 00:00:00
redhatcve
redhatcve
CVE-2019-2762
2019-12-26 15:43:52
CVE-2019-2769
2019-12-26 15:44:01
CVE-2019-2816
2020-04-04 05:26:54
veracode
veracode
Denial Of Service (DoS)
2019-07-29 00:08:03
Denial Of Service (DoS)
2019-07-29 00:08:03
Authorization Bypass
2019-07-29 00:08:04
nvd
nvd
CVE-2019-2769
2019-07-23 23:15:40
CVE-2019-2762
2019-07-23 23:15:39
CVE-2019-2816
2019-07-23 23:15:43
alpinelinux
alpinelinux
CVE-2019-2769
2019-07-23 23:15:40
CVE-2019-2762
2019-07-23 23:15:39
cve
cve
CVE-2019-2762
2019-07-23 23:15:39
CVE-2019-2769
2019-07-23 23:15:40
CVE-2019-2816
2019-07-23 23:15:43

0.002 Low

EPSS

Percentile

57.9%

JSON
Related for 75847106DDA59D969AC0CC5D5D85844498E31446EE547D1D9B1A4B491F5FCBF2
ibm39osv3debian3openvas26nessus65redhat13centos5oraclelinux7amazon5mageia1photon1ubuntu2suse2f51debiancve3prion3cvelist3ubuntucve3redhatcve3veracode3nvd3alpinelinux2cve3