Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8F361E19693161D1C984738B1CF1AD07044C2B78DD87750D30870EB2DA4B4BFC
HistoryJun 17, 2018 - 3:39 p.m.

Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2016-5542, CVE-2017-3260, CVE-2016-5552)

2018-06-1715:39:41
www.ibm.com
10

0.007 Low

EPSS

Percentile

80.7%

JSON

Summary

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ packaged with the IBM Spectrum Protect (formerly Tivoli Storage Manager) Windows and Macintosh Client. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.

Vulnerability Details

CVEID: CVE-2016-5542**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-3260**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the AWT component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-5552**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120872 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Windows Client are affected:

  • 8.1.0.0 through 8.1.0.1 - Windows and Macintosh platforms
  • 7.1.0.0 through 7.1.6.4 - Windows platform
    7.1.0.0 through 7.1.6.5 - Macintosh platform
  • 6.4.0.0 through 6.4.3.5 - Windows platform; the 6.4 client is not affected on the Macintosh platform.

Remediation/Fixes

IBM Spectrum Protect (Tivoli Storage Manager) Client Release

| First
Fixing
VRM Level|Platform|Link to Fix / Fix Availability Target
—|—|—|—
8.1| 8.1.0.2
8.1.0.2| Windows
Macintosh| <http://www.ibm.com/support/docview.wss?uid=swg24043653&gt;
7.1| 7.1.6.5
7.1.6.6| Windows
Macintosh| http://www.ibm.com/support/docview.wss?uid=swg24042496
6.4| 6.4.3.6| Windows| http://www.ibm.com/support/docview.wss?uid=swg24041144
NOTE: The 6.4 client is not affected on the Macintosh platform…

Workarounds and Mitigations

None

Related

debiancve 3
prion 3
nvd 3
redhatcve 2
cve 3
ibm 59
ubuntucve 3
cvelist 3
veracode 2
kaspersky 1
openvas 32
osv 2
debian 4
nessus 46
amazon 3
mageia 1
redhat 10
ubuntu 3
centos 3
oraclelinux 3
suse 10
debiancve
debiancve
CVE-2017-3260
2017-01-27 22:59:02
CVE-2016-5542
2016-10-25 14:30:17
CVE-2016-5552
2017-01-27 22:59:00
prion
prion
Design/Logic Flaw
2017-01-27 22:59:00
Design/Logic Flaw
2017-01-27 22:59:00
Buffer overflow
2016-10-25 14:30:00
nvd
nvd
CVE-2017-3260
2017-01-27 22:59:02
CVE-2016-5542
2016-10-25 14:30:17
CVE-2016-5552
2017-01-27 22:59:00
redhatcve
redhatcve
CVE-2017-3260
2017-01-18 20:47:25
CVE-2016-5542
2016-10-18 20:18:13
cve
cve
CVE-2017-3260
2017-01-27 22:59:02
CVE-2016-5542
2016-10-25 14:30:17
CVE-2016-5552
2017-01-27 22:59:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2016-5542)
2018-09-29 20:06:32
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio
2018-06-16 13:46:41
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise
2018-06-16 13:46:41
ubuntucve
ubuntucve
CVE-2017-3260
2017-01-27 00:00:00
CVE-2016-5542
2016-10-25 00:00:00
CVE-2016-5552
2016-12-31 00:00:00
cvelist
cvelist
CVE-2017-3260
2017-01-27 22:01:00
CVE-2016-5542
2016-10-25 14:00:00
CVE-2016-5552
2017-01-27 22:01:00
veracode
veracode
Unauthenticated Access
2019-05-02 06:09:31
Privilege Escalation
2019-01-15 09:13:50
kaspersky
kaspersky
KLA10957 Multiple vulnerabilities in Oracle Java SE
2017-01-27 00:00:00
openvas
openvas
Oracle Java SE Security Updates (jan2017-2881727) 03 - Windows
2017-01-18 00:00:00
Oracle Java SE Security Updates (jan2017-2881727) 03 - Linux
2017-01-18 00:00:00
Debian: Security Advisory (DLA-821-1)
2018-01-04 00:00:00
osv
osv
openjdk-7 - security update
2017-02-08 00:00:00
openjdk-7 - security update
2017-02-11 00:00:00
debian
debian
[SECURITY] [DLA 821-1] openjdk-7 security update
2017-02-11 00:38:57
[SECURITY] [DSA 3782-1] openjdk-7 security update
2017-02-08 18:15:02
[SECURITY] [DLA 704-1] openjdk-7 security update
2016-11-06 23:22:35
nessus
nessus
Debian DSA-3782-1 : openjdk-7 - security update
2017-02-09 00:00:00
Debian DLA-821-1 : openjdk-7 security update
2017-02-13 00:00:00
Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2017-0061)
2017-01-13 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2016-10-27 17:00:00
Important: java-1.7.0-openjdk
2016-11-18 12:30:00
Important: java-1.6.0-openjdk
2017-02-06 18:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-10-26 02:11:42
redhat
redhat
(RHSA-2016:2137) Critical: java-1.7.1-ibm security update
2016-11-02 10:42:12
(RHSA-2016:2138) Critical: java-1.7.0-ibm security update
2016-11-02 00:00:00
(RHSA-2016:2136) Critical: java-1.8.0-ibm security update
2016-11-02 10:42:02
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-11-03 00:00:00
OpenJDK 6 vulnerabilities
2016-12-08 00:00:00
OpenJDK 7 vulnerabilities
2016-11-17 00:00:00
centos
centos
java security update
2017-01-12 15:48:29
java security update
2016-11-12 06:29:49
java security update
2016-10-19 14:40:38
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-10-19 00:00:00
java-1.7.0-openjdk security update
2016-11-09 00:00:00
java-1.6.0-openjdk security update
2017-01-12 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2017-01-31 21:11:53
Security update for java-1_7_0-openjdk (important)
2017-02-17 15:10:09
Security update for java-1_7_1-ibm (important)
2016-12-07 18:08:22

0.007 Low

EPSS

Percentile

80.7%

JSON
Related for 8F361E19693161D1C984738B1CF1AD07044C2B78DD87750D30870EB2DA4B4BFC
debiancve3prion3nvd3redhatcve2cve3ibm59ubuntucve3cvelist3veracode2kaspersky1openvas32osv2debian4nessus46amazon3mageia1redhat10ubuntu3centos3oraclelinux3suse10