Lucene search

IBMA07AC2557CB22F1AD81AFEA67E4FC50393FFA7F6E3BD50A79847D93E26932D60

HistoryJan 21, 2019 - 3:35 p.m.

Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities

2019-01-2115:35:01

www.ibm.com

0.007 Low

EPSS

Percentile

80.4%

JSON

Summary

IBM MessageSight has addressed the following Java vulnerabilities:

CVE-2018-3183: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting)
CVE-2018-3169: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot)
CVE-2018-3149: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI)
CVE-2018-3136: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security)

Vulnerability Details

CVEID: CVE-2018-3136
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)

CVEID: CVE-2018-3149
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-3169
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-3183
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM MessageSight	Affected Versions
IBM MessageSight	1.2.0.0 - 1.2.0.3
IBM MessageSight	2.0.0.0 - 2.0.0.2

Remediation/Fixes

IBM MessageSight | 1.2.0.3 | [

1.2.0.3-IBM-IMA-IFIT27801

](<http://www.ibm.com/support/docview.wss?uid=ibm10795832>)
—|—|—
IBM MessageSight | 2.0.0.2 | [

2.0.0.2-IBM-IMA-IFIT27801

](<http://www.ibm.com/support/docview.wss?uid=ibm10795836>)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm messagesighteq1.2
ibm messagesighteq2.0

CPE	Name	Operator	Version
	ibm messagesight	eq	1.2
	ibm messagesight	eq	2.0

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for A07AC2557CB22F1AD81AFEA67E4FC50393FFA7F6E3BD50A79847D93E26932D60