Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8D8EBB96102ED70014CA0DB0DA7106AFC6650D58DE6ADEA478C1B97C31176584
HistoryJun 18, 2018 - 12:10 a.m.

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)

2018-06-1800:10:00
www.ibm.com
9

EPSS

0.008

Percentile

81.6%

JSON

Summary

There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update (CPU) which the IBM® FlashSystem™ V9000 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and which could allow a local attacker to obtain information to aid in further attacks against the system.

Vulnerability Details

This bulletin covers the subset of Java SE CVEs published by Oracle as part of their July 2015 Critical Patch Update to which FlashSystem V9000 is susceptible. For more information please refer to Oracle’s July 2015 CPU Advisory and the X-Force database entries referenced below. This bulletin also covers CVE-2015-1931, which describes a vulnerability in the IBM Java Security Components that are shipped as part of the IBM SDK, Java Technology Edition.

CVEID: CVE-2015-2613**
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-2601**
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-2625**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-1931**
DESCRIPTION:** IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

FlashSystem V9000 including machine type and models (MTMs) for all available code levels. MTMs affected include 9846-AC2 and 9848-AC2.

Remediation/Fixes

You should verify that applying this fix does not cause any compatibility issues.

Product VRMF APAR Remediation/First Fix
V9000 MTMs:
9846-AE2,
9848-AE2,
9846-AC2,
9848-AC2 A code fix is now available, the VRMF of this code level is 7.5.1.1 (or later) for both the storage enclosure nodes (-AEx) and the control nodes (-ACx) _ _N/A No workarounds or mitigations, other than applying this code fix, are known for this vulnerability

7.5.1.1 is available @ IBM’s Fix Central**:**V9000 fixes, download 7.5.1.1 or later

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm flashsystem v9000eqany

Related

ibm 97
prion 5
nessus 22
nvd 5
debiancve 3
cvelist 5
veracode 4
cve 5
ubuntucve 3
openvas 20
f5 3
suse 5
aix 1
redhat 8
ubuntu 2
archlinux 1
debian 2
osv 2
centos 2
amazon 2
oraclelinux 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect eDiscovery Analyzer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
2018-06-17 12:12:00
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator
2018-06-16 21:31:52
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Rational RequisitePro
2018-06-17 05:04:59
prion
prion
Buffer overflow
2015-07-16 10:59:00
Design/Logic Flaw
2022-09-29 03:15:00
Buffer overflow
2015-07-16 10:59:00
nessus
nessus
Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)
2016-06-23 00:00:00
Oracle JRockit R28 < R28.3.7 Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah) (Logjam)
2015-07-16 00:00:00
AIX Java Advisory : java_july2015_advisory.asc (Logjam)
2015-08-17 00:00:00
nvd
nvd
CVE-2015-2613
2015-07-16 10:59:37
CVE-2015-1931
2022-09-29 03:15:11
CVE-2015-2601
2015-07-16 10:59:27
debiancve
debiancve
CVE-2015-2613
2015-07-16 10:59:37
CVE-2015-2601
2015-07-16 10:59:27
CVE-2015-2625
2015-07-16 10:59:48
cvelist
cvelist
CVE-2015-1931
2020-01-23 18:42:52
CVE-2015-2613
2015-07-16 10:00:00
CVE-2015-2601
2015-07-16 10:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:06:52
Sandbox Restrictions Bypass
2019-05-02 05:41:17
Sandbox Restrictions Bypass
2019-05-02 05:41:17
cve
cve
CVE-2015-1931
2022-09-29 03:15:11
CVE-2015-2613
2015-07-16 10:59:37
CVE-2015-2601
2015-07-16 10:59:27
ubuntucve
ubuntucve
CVE-2015-2613
2015-07-16 00:00:00
CVE-2015-2601
2015-07-16 00:00:00
CVE-2015-2625
2015-07-16 00:00:00
openvas
openvas
Juniper Networks Junos Space Multiple Vulnerabilities (JSA10727)
2016-04-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1375-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1331-1)
2021-04-19 00:00:00
f5
f5
SOL17169 - Java vulnerability CVE-2015-2625
2015-08-27 00:00:00
K17169 : Java vulnerability CVE-2015-2625
2015-08-27 00:00:00
K84947349 : OpenJDK vulnerabilities CVE-2015-2601, CVE-2015-2621, CVE-2015-2632, CVE-2015-4748, and CVE-2015-4749
2017-09-15 00:00:00
suse
suse
Security update for java-1_7_1-ibm (important)
2015-07-31 16:11:04
Security update for java-1_7_0-ibm (important)
2015-08-12 18:09:25
Security update for java-1_7_1-ibm (important)
2015-07-31 16:08:49
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-07-31 13:04:25
redhat
redhat
(RHSA-2015:1488) Critical: java-1.7.0-ibm security update
2015-07-23 00:00:00
(RHSA-2015:1485) Critical: java-1.7.1-ibm security update
2015-07-22 00:00:00
(RHSA-2015:1486) Critical: java-1.6.0-ibm security update
2015-07-22 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2015-07-30 00:00:00
OpenJDK 6 vulnerabilities
2015-08-06 00:00:00
archlinux
archlinux
jre7-openjdk: multiple issues
2015-07-22 00:00:00
debian
debian
[SECURITY] [DSA 3339-1] openjdk-6 security update
2015-08-19 20:19:22
[SECURITY] [DSA 3316-1] openjdk-7 security update
2015-07-25 10:13:47
osv
osv
openjdk-7 - security update
2015-07-25 00:00:00
openjdk-6 - security update
2015-08-28 00:00:00
centos
centos
java security update
2015-07-15 15:39:22
java security update
2015-07-15 15:08:01
amazon
amazon
Critical: java-1.7.0-openjdk
2015-07-22 10:00:00
Important: java-1.6.0-openjdk
2015-08-24 22:26:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-07-16 00:00:00
java-1.6.0-openjdk security update
2015-07-31 00:00:00

EPSS

0.008

Percentile

81.6%

JSON
Related for 8D8EBB96102ED70014CA0DB0DA7106AFC6650D58DE6ADEA478C1B97C31176584
ibm97prion5nessus22nvd5debiancve3cvelist5veracode4cve5ubuntucve3openvas20f53suse5aix1redhat8ubuntu2archlinux1debian2osv2centos2amazon2oraclelinux2