There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.7 used by Rational Asset Analyzer (RAA). These issues were disclosed as part of the IBM Java SDK updates in January 2018.
CVEID:CVE-2018-2579
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2018-2603
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2018-2633
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Affected Asset Analyzer (RAA) | Affected Versions |
---|---|
Rational Asset analyzer | 6.1.0.0 - 6.1.0.15 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
Rational Asset analyzer | 6.1.0.17 | None | Upgrade to Fix pack 17 |
None
CPE | Name | Operator | Version |
---|---|---|---|
rational asset analyzer | eq | 6.1.0.0 | |
rational asset analyzer | eq | 6.1.0.15 |