Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

2019-07-1018:40:02

www.ibm.com

EPSS

0.016

Percentile

87.4%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2018-11212
**Description:**libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
**CVSS Base Score:**3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVEID: CVE-2018-12547
**Description:**Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
**CVSS Base Score:**9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-2426
**Description:**An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
**CVSS Base Score:**3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N