Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8455FB976B74E254917EBA4A93A1C5D548D66262BBE9838EB4FC27A39CA2017A
HistoryNov 10, 2022 - 12:06 p.m.

Security Bulletin: The Java version bundled with IBM Cognos Express is susceptible to unspecified vulnerabilities in the Java Runtime Environment (JRE) (CVE-2012-0498 and CVE-2012-5081)

2022-11-1012:06:25
www.ibm.com
21
ibm cognos express
java runtime environment
vulnerability
remote attackers
cve-2012-0498
cve-2012-5081
confidentiality
integrity
availability
2d
jsse

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.12 Low

EPSS

Percentile

95.4%

JSON

Summary

The version of Java included with IBM Cognos Express has a reported vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2012-0498) and allows remote attackers to affect availability (CVE-2012-5081).

Vulnerability Details

VULNERABILITY DETAILS:

DESCRIPTION:
The Java Runtime Environment is bundled with IBM Cognos Express. This Unspecified vulnerability in the Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVEID: CVE-2012-0498
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73186&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

DESCRIPTION:
The Java Runtime Environment is bundled with IBM Cognos Express. This unspecified vulnerability allows remote attackers to affect availability, related to JSSE.

CVEID: CVE-2012-5081
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

AFFECTED PRODUCTS AND VERSIONS:
IBM Cognos Express 10.1, 10.1 FP1

REMEDIATION:

Fix* VRMF APAR How to acquire fix
Cognos_Express_10.1.0.JRE01.zip
Download 10.1-BA-CX-Win64-JRE01

Workaround(s):
None known, applies fixes.

Mitigation(s):
None known

REFERENCES:
<https://vulners.com/cve/CVE-2012-0498&gt;
<https://vulners.com/cve/CVE-2012-5081&gt;

Affected configurations

Vulners
Node
ibmplanning_analyticsMatch10.1
CPENameOperatorVersion
ibm planning analytics expresseq10.1

Related

cvelist 3
cve 3
ubuntucve 2
prion 3
ibm 17
f5 1
nvd 3
zdi 1
openvas 43
nessus 59
suse 11
cert 1
redhat 13
veracode 25
checkpoint_advisories 1
centos 3
oraclelinux 3
amazon 2
threatpost 1
ubuntu 1
securityvulns 2
seebug 1
cvelist
cvelist
CVE-2012-0498
2012-02-15 22:00:00
CVE-2012-5081
2012-10-16 21:29:00
CVE-2012-3202
2012-10-17 00:00:00
cve
cve
CVE-2012-0498
2012-02-15 22:55:00
CVE-2012-5081
2012-10-16 21:55:02
CVE-2012-3202
2012-10-17 00:55:02
ubuntucve
ubuntucve
CVE-2012-0498
2012-02-15 00:00:00
CVE-2012-5081
2012-10-16 00:00:00
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
Design/Logic Flaw
2012-10-16 21:55:00
Design/Logic Flaw
2012-10-17 00:55:00
ibm
ibm
Security Bulletin: IBM Tivoli Directory Integrator can be affected by a vulnerability in IBM Java Runtime Environment (CVE-2012-5081)
2022-09-25 20:45:36
Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management Hub affected by a vulnerability in the IBM JRE used by WebSphere Application Server (CVE-2012-5081)
2022-09-25 20:45:36
Security Bulletin: IBM Tivoli Federated Identity Manager Business Gateway can be affected by a vulnerability in IBM Java Runtime Environment (CVE-2012-5081)
2022-09-25 20:45:36
f5
f5
K21018505 : JRE vulnerability CVE-2012-5081
2018-02-08 00:00:00
nvd
nvd
CVE-2012-5081
2012-10-16 21:55:02
CVE-2012-0498
2012-02-15 22:55:00
CVE-2012-3202
2012-10-17 00:55:02
zdi
zdi
Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability
2012-04-09 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03)
2012-02-21 00:00:00
Oracle Java SE JDK Multiple Vulnerabilities - 03 - (Feb 2012) - Windows
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - 03 - (Feb 2012) - Windows
2012-02-21 00:00:00
nessus
nessus
Oracle JRockit R27 < R27.7.4.5 / R28 < R28.2.5.20 Multiple Vulnerabilities (October 2012 CPU)
2014-07-18 00:00:00
SUSE SLES10 / SLES11 Security Update : IBM Java 1.4.2 (SUSE-SU-2012:1490-1)
2015-05-20 00:00:00
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 8366) (ROBOT)
2012-11-19 00:00:00
suse
suse
Security update for IBM Java 1.4.2 (important)
2012-11-16 21:09:15
Security update for IBM Java 1.5.0 (important)
2012-11-16 21:08:57
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
cert
cert
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding
2017-12-12 00:00:00
redhat
redhat
(RHSA-2012:1485) Critical: java-1.4.2-ibm security update
2012-11-22 00:00:00
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
(RHSA-2012:0508) Critical: java-1.5.0-ibm security update
2012-04-23 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
checkpoint_advisories
checkpoint_advisories
ROBOT TLS_RSA Scanning Attempt (CVE-2012-5081; CVE-2016-6883; CVE-2017-1000385; CVE-2017-12373; CVE-2017-13098; CVE-2017-13099; CVE-2017-17382; CVE-2017-17427; CVE-2017-17428; CVE-2017-17841; CVE-2017-6168)
2017-12-17 00:00:00
centos
centos
java security update
2012-10-17 21:15:32
java security update
2012-10-17 21:21:03
java security update
2012-10-17 21:16:08
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-10-17 00:00:00
java-1.6.0-openjdk security update
2012-10-17 00:00:00
java-1.7.0-openjdk security update
2012-10-17 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2012-10-23 10:38:00
Important: java-1.7.0-openjdk
2012-10-23 10:38:00
threatpost
threatpost
Apple Patches Java Flaws
2012-10-18 13:44:08
ubuntu
ubuntu
OpenJDK vulnerabilities
2012-10-26 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
Oracle Java / OpenJDK multiple security vulnerabilities
2012-10-30 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.12 Low

EPSS

Percentile

95.4%

JSON
Related for 8455FB976B74E254917EBA4A93A1C5D548D66262BBE9838EB4FC27A39CA2017A
cvelist3cve3ubuntucve2prion3ibm17f51nvd3zdi1openvas43nessus59suse11cert1redhat13veracode25checkpoint_advisories1centos3oraclelinux3amazon2threatpost1ubuntu1securityvulns2seebug1