There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, and IBM® Runtime Environment Java™, Versions 7 and 8 that are used by IBM® Intelligent Operations Center, IBM® Intelligent Operations Center for Emergency Management, and IBM® Water Operations for Waternamics. IBM® Intelligent Operations Center has addressed the applicable CVEs.
If you run your own Java™ code using the IBM® Java™ JRE that is delivered with this product, you should evaluate your code to determine whether additional Java™ vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin” located in the References section for more information.
CVE IDs: CVE-2019-2698 CVE-2019-2697 CVE-2019-2602 CVE-2019-2684 CVE-2019-10245
CVEID: CVE-2019-2698
DESCRIPTION: An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159790> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-2697
DESCRIPTION: An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159789> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-2602
DESCRIPTION: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-2684
DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-10245
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160010> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Principal Product and Versions | Affected Supporting Products and Versions |
---|---|
IBM® Intelligent Operations Center V1.6.0 - V5.2.0 | IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40 and earlier releases; IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 40 and earlier releases; IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 31 and earlier releases |
IBM® Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6 | |
IBM® Water Operations for Waternamics V5.1 - V5.2.1.1 | |
The fix for this issue is available in IBM® Intelligent Operations Center version 5.2.1 on Passport Advantage.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM® Intelligent Operations Center | V5.2.0 | | IBM® Intelligent Operations Center V5.2.1 on Passport Advantage |
IBM® Intelligent Operations Center | V5.1.0 - V5.1.0.14 | | IBM® Intelligent Operations Center V5.2.1 on Passport Advantage |
IBM® Water Operations for Waternamics | V5.1.0 - V5.2.1.1 | | IBM® Intelligent Operations Center V5.2.1 on Passport Advantage |
For information about the latest available updates, see IBM Intelligent Operations Center V5.2 installation updates.
None.