Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBDB9573A5D69CADBF5FAAFB6C3AEBA767CD6AC9E678F743FD1D9C0637365B86B
HistoryOct 27, 2020 - 3:56 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Developer for System z (CVE-2016-0363 and CVE-2016-0376)

2020-10-2715:56:50
www.ibm.com
13

0.071 Low

EPSS

Percentile

94.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the Reference section for more information.

CVEID: CVE-2016-0363** *DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 _for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376** *DESCRIPTION: A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112152 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Principal Product and Version(s)

  • Rational Developer for System z, versions 8.5.1.6 and earlier
  • Rational Developer for System z, versions 9.0.1.5 and earlier
  • Rational Developer for System z, versions 9.1.1.3 and earlier
  • Rational Developer for z Systems, versions 9.5.1 and earlier

Remediation/Fixes

IBM has provided patches for all affected versions.

Follow the installation instructions in the README files included with the patch.

The fix can be obtained at the following locations:

Related

ibm 54
nessus 36
nvd 6
cvelist 6
cve 6
prion 6
suse 22
openvas 18
aix 2
threatpost 1
veracode 3
redhat 11
ibm
ibm
Security Bulletin: The vulnerability in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-0363 and CVE-2016-0376)
2018-06-17 15:23:05
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2016-0363, CVE-2016-0376)
2018-08-03 04:23:43
Security Bulletin:Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Content Collector(CVE-2016-0363 CVE-2016-0376 )
2018-06-17 12:15:25
nessus
nessus
IBM Java 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0 Multiple Vulnerabilities (Apr 1, 2016)
2022-04-29 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2016:0716)
2016-05-04 00:00:00
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1379-1)
2016-05-24 00:00:00
nvd
nvd
CVE-2016-0376
2016-06-03 14:59:02
CVE-2016-0363
2016-06-03 14:59:01
CVE-2013-5456
2013-11-24 18:55:04
cvelist
cvelist
CVE-2016-0376
2016-06-03 14:00:00
CVE-2016-0363
2016-06-03 14:00:00
CVE-2013-5456
2013-11-24 18:00:00
cve
cve
CVE-2016-0376
2016-06-03 14:59:02
CVE-2016-0363
2016-06-03 14:59:01
CVE-2013-5456
2013-11-24 18:55:04
prion
prion
Design/Logic Flaw
2016-06-03 14:59:00
Design/Logic Flaw
2016-06-03 14:59:00
Deserialization of untrusted data
2013-11-24 18:55:00
suse
suse
Security update for java-1_7_1-ibm (important)
2016-05-13 16:09:03
Security update for java-1_6_0-ibm (important)
2016-05-13 21:07:55
Security update for java-1_6_0-ibm (important)
2016-05-21 02:08:31
openvas
openvas
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2016:1299-1)
2016-05-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1388-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1379-1)
2021-06-09 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
Multiple Java vulnerabilities
2013-12-11 10:53:34
threatpost
threatpost
Broken IBM Java Patch Disclosure
2016-04-13 11:30:13
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:29:23
Sandbox Restrictions Bypass
2019-05-02 05:29:23
Memory Corruption
2019-05-02 04:46:32
redhat
redhat
(RHSA-2016:0708) Critical: java-1.6.0-ibm security update
2016-05-02 00:00:00
(RHSA-2016:0702) Critical: java-1.7.0-ibm security update
2016-04-29 00:00:00
(RHSA-2016:0716) Critical: java-1.8.0-ibm security update
2016-05-03 18:23:40

0.071 Low

EPSS

Percentile

94.0%

JSON
Related for BDB9573A5D69CADBF5FAAFB6C3AEBA767CD6AC9E678F743FD1D9C0637365B86B
ibm54nessus36nvd6cvelist6cve6prion6suse22openvas18aix2threatpost1veracode3redhat11