Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C570BA1487C58197440C5D9CC9244355859DC10DDADC4FF8F11085B41621FEF
HistoryJun 16, 2018 - 9:44 p.m.

Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to information disclosure. (CVE-2016-3426)

2018-06-1621:44:56
www.ibm.com
7

EPSS

0.071

Percentile

94.1%

JSON

Summary

All applicable CVEs from Oracle’s January 2016 CPU, plus CVE-2016-0636 and three additional IBM-specific vulnerabilities (CVE-2016-0363, CVE-2016-0376, and CVE-2016-0264).

Vulnerability Details

CVEID: CVE-2016-3426 **
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112457&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-0636 **
DESCRIPTION:** Oracle Java SE could allow a remote attacker to execute arbitrary code on the system, caused by an error in the desktop and browser plug-in versions of the software. By persuading a victim to visit a specially crafted web site, an attacker could exploit this vulnerability to gain complete control of the system.

CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111731&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0363 **
DESCRIPTION:** IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.

CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112016&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376 **
DESCRIPTION:** A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456.

CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112152&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0264 **
DESCRIPTION:** A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.

CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110867&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

    • IBM QRadar 7.1.n
  • IBM QRadar 7.2.n

Remediation/Fixes

Workarounds and Mitigations

None

Related

ibm 47
nessus 44
cvelist 6
prion 7
cve 6
nvd 6
suse 16
openvas 35
aix 1
redhat 11
threatpost 1
veracode 4
oraclelinux 4
ubuntucve 1
debiancve 1
centos 4
amazon 1
cisa 1
kaspersky 1
ubuntu 1
mageia 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, IBM OS Images for AIX, and Windows. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264)
2018-06-15 07:05:41
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264)
2018-06-15 07:05:41
Security Bulletin:Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Content Collector(CVE-2016-0363 CVE-2016-0376 )
2018-06-17 12:15:25
nessus
nessus
IBM Java 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0 Multiple Vulnerabilities (Apr 1, 2016)
2022-04-29 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1300-1)
2016-05-16 00:00:00
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1379-1)
2016-05-24 00:00:00
cvelist
cvelist
CVE-2016-0363
2016-06-03 14:00:00
CVE-2016-0376
2016-06-03 14:00:00
CVE-2013-3009
2013-07-23 10:00:00
prion
prion
Design/Logic Flaw
2016-06-03 14:59:00
Design/Logic Flaw
2016-06-03 14:59:00
Deserialization of untrusted data
2013-11-24 18:55:00
cve
cve
CVE-2016-0376
2016-06-03 14:59:02
CVE-2016-0363
2016-06-03 14:59:01
CVE-2013-5456
2013-11-24 18:55:04
nvd
nvd
CVE-2016-0363
2016-06-03 14:59:01
CVE-2016-0376
2016-06-03 14:59:02
CVE-2013-5456
2013-11-24 18:55:04
suse
suse
Security update for java-1_6_0-ibm (important)
2016-05-21 02:08:31
Security update for IBM Java 1.6.0 (important)
2016-05-24 14:08:01
Security update for java-1_7_1-ibm (important)
2016-05-13 16:08:16
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1388-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1379-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1299-1)
2021-04-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
redhat
redhat
(RHSA-2016:0701) Critical: java-1.7.1-ibm security update
2016-04-29 12:26:13
(RHSA-2016:0716) Critical: java-1.8.0-ibm security update
2016-05-03 18:23:40
(RHSA-2016:0702) Critical: java-1.7.0-ibm security update
2016-04-29 00:00:00
threatpost
threatpost
Broken IBM Java Patch Disclosure
2016-04-13 11:30:13
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:29:23
Arbitrary Code Execution
2019-01-15 09:11:23
Sandbox Restrictions Bypass
2019-01-15 09:10:40
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2016-03-24 00:00:00
java-1.8.0-openjdk security update
2016-03-24 00:00:00
java-1.8.0-openjdk security update
2016-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2016-0636
2016-03-23 00:00:00
debiancve
debiancve
CVE-2016-0636
2016-03-24 18:59:00
centos
centos
java security update
2016-03-25 03:42:05
java security update
2016-03-25 03:43:23
java security update
2016-03-25 04:16:25
amazon
amazon
Critical: java-1.8.0-openjdk, java-1.7.0-openjdk
2016-03-29 15:30:00
cisa
cisa
Oracle Releases Security Update for Java SE
2016-03-24 00:00:00
kaspersky
kaspersky
KLA10775 An unknown vulnerability in Oracle Java SE
2016-03-23 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerability
2016-03-24 00:00:00
mageia
mageia
Updated java packages fix CVE-2016-0636
2016-04-06 17:09:53

EPSS

0.071

Percentile

94.1%

JSON
Related for 9C570BA1487C58197440C5D9CC9244355859DC10DDADC4FF8F11085B41621FEF
ibm47nessus44cvelist6prion7cve6nvd6suse16openvas35aix1redhat11threatpost1veracode4oraclelinux4ubuntucve1debiancve1centos4amazon1cisa1kaspersky1ubuntu1mageia1