Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03
HistoryAug 19, 2022 - 11:26 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center October 2014 CPU

2022-08-1923:26:06
www.ibm.com
15
ibm java sdk
tivoli storage productivity center
poodle sslv3
cve-2014-6513
cve-2014-6457
cve-2014-6468
cve-2014-6502
cve-2014-6504
cve-2014-6506
cve-2014-6511
cve-2014-6512
awt component
jsse component
hotspot component
libraries component
2d component

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Tivoli Storage Productivity Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014.

Vulnerability Details

CVEID: CVE-2014-6513** **
DESCRIPTION: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97127&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6457

DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVE-ID:CVE-2014-6468

**DESCRIPTION:**An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6502

DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97150&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVE-ID:CVE-2014-6504

**DESCRIPTION:**An unspecified vulnerability related to the Hotspot component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97143&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6506

DESCRIPTION: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97139&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-6511

DESCRIPTION: An unspecified vulnerability related to the 2D component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97140&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6512

DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97147&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-ID:CVE-2014-6519

**DESCRIPTION:**An unspecified vulnerability related to the Hotspot component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97144&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID:CVE-2014-3566

**DESCRIPTION:**Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

For more information on CVE-2014-3566, please refer to the links in the reference section.

The following advisories are included in the IBM Java SDK but Tivoli Storage Productivity Center is not vulnerable to them. You will need to evaluate your own code to determine if you are vulnerable.

CVEID: CVE-2014-6456

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97130&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6503

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97129&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6532

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97128&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4288

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97135&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6493

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97134&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6492

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97133&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6458

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97137&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6466

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97136&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6476

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97141&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6515

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97142&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6531

DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97146&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6527

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97149&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6558

DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97151&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-ID:CVE-2014-3065

**DESCRIPTION:**IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.

CVSS Base Score: 6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)

Document link ‘Importing HTML’.

Affected Products and Versions

Tivoli Storage Productivity Center 5.2.0 through 5.2.4.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.5
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.184
Tivoli Storage Productivity Center 4.1.x

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the Tivoli Storage Productivity Center versions listed above installed on it

Remediation/Fixes

The solution is to apply an appropriate Tivoli Storage Productivity Center fix maintenance for each named product and execute the manual steps listed below. The solution should be implemented as soon as practicable.

If you have downloaded and installed IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 or earlier from an older version of Tivoli Storage Productivity Center, you should download the updated version after applying the fix pack and reinstall IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 or later. Do not use the IBM JRE 1.6.0 or IBM SDK 1.6.0 links provided with the affected Tivoli Storage Productivity Center versions.
**
Note:** It is always recommended to have a current backup before applying any update procedure.

Tivoli Storage Productivity Center V5
Apply the Tivoli Storage Productivity Center fix maintenance as soon as practicable. (See Latest Downloads.)

Affected TPC Version APAR Fixed TPC Version Availability
5.2.x IT06538 5.2.5 March 2015
Tivoli Storage Productivity Center 5.2.5 includes:
  • IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 or later
  • IBM JRE, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2
  • WebSphere Application Server 8.0.0.9 + PI27100

Important Note: If you upgrade from version 5.2.x to IBM Spectrum Control version 5.2.13 or later, your SSLv3 settings (enabled or disabled) will persist after the upgrade. See Enabling & Disabling Legacy Protocol (SSLv3 & MD5 hash) tecnote for more details.

5.1.x| IT06538| 5.1.1.6

Manual update steps are required in addition to applying 5.1.1.6.| March 2015
Tivoli Storage Productivity Center 5.1.1.6 includes:

  • IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2
  • IBM JRE, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2
  • WebSphere Application Server 8.0.0.9 + PI27100
  • Tivoli Integrated Portal 2.2.0.15
  • WebSphere Application Server 7.0.0.35

Additional steps for CVE-2014-3566:
You must upgrade both the Tivoli Storage Productivity Center server and all storage resource agents to a fixed version to resolve this vulnerability.

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.

If you have a storage system that no longer connects after upgrading Tivoli Storage Productivity Center to the fixed versions listed above, you may need to temporarily enable SSLv3 (the legacy protocol) within Tivoli Storage Productivity Center to allow that connection until a fix to use a higher level protocol is available for the storage system. Information about doing this is available in the following technote.

Enabling & Disabling Legacy Protocol for Tivoli Storage Productivity Center****

Additional step for Tivoli Storage Productivity Center 5.1.1.6:
Apply WebSphere Application Server 7.0 interim fix PI27101 to Tivoli Integrated Portal. See the WebSphere Application Server security bulletin for more info.

Tivoli Storage Productivity Center V4
Apply the Tivoli Storage Productivity Center fix pack as soon as practicable (See Latest Downloads.) and follow the manual steps provided.

Affected TPC Version APAR Fixed TPC Version Availability
4.2.x IT06558 4.2.2 FP8
(4.2.2.191)

Manual update steps are required in addition to applying 4.2.2 FP8.| March 2015

Tivoli Storage Productivity Center 4.2.2 FP8 includes:

  • IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2
  • WebSphere Application Server 8.0.0.9 + PI27100
  • Tivoli Integrated Portal 1.1.1.19
    • WebSphere Application Server 6.1.0.45
      Note: For Tivoli Storage Productivity Center 4.1.x, IBM recommends upgrading to a fixed, supported release of the product.
  1. Apply embedded WebSphere Application Server fix pack 6.1.0.47 to Tivoli Storage Productivity Center for Replication if you have not done so before. See Upgrade of embedded WebSphere Application Server fix pack installation procedure for IBM Tivoli Productivity Center for Replication V4.2.2.4 for directions.
  2. Apply WebSphere Application Server 6.1 interim fix PI27103 to update the IBM SDK for the Replication Server. See the WebSphere Application Server security bulletin for more info.
  3. Apply WebSphere Application Server 6.1 interim fix PI27103 to Tivoli Integrated Portal. See the WebSphere Application Server security bulletin for more info.

Additional steps for CVE-2014-3566:
You must upgrade both the Tivoli Storage Productivity Center server and all storage resource agents to a fixed version to resolve this vulnerability.

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.

If you have a storage system that no longer connects after upgrading Tivoli Storage Productivity Center to the fixed versions listed above, you may need to temporarily enable SSLv3 (the legacy protocol) within Tivoli Storage Productivity Center to allow that connection until a fix to use a higher level protocol is available for the storage system. Information about doing this is available in the following technote.

Enabling & Disabling Legacy Protocol for Tivoli Storage Productivity Center****

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmspectrum_controlMatch5.1
OR
ibmspectrum_controlMatch5.1.1
OR
ibmspectrum_controlMatch5.2
OR
ibmspectrum_controlMatch5.2.1
OR
ibmspectrum_controlMatch5.2.2
OR
ibmspectrum_controlMatch5.2.3
OR
ibmspectrum_controlMatch5.2.4
OR
ibmspectrum_controlMatch4.2
OR
ibmspectrum_controlMatch4.2.1
OR
ibmspectrum_controlMatch4.2.2

Related

openvas 42
nessus 41
ibm 33
suse 7
redhat 12
aix 1
f5 2
kaspersky 1
ubuntu 3
centos 4
veracode 5
amazon 3
osv 3
debian 2
oraclelinux 4
mageia 1
securityvulns 1
cve 6
cvelist 6
ubuntucve 6
nvd 6
debiancve 5
prion 5
openvas
openvas
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:1526-1)
2015-10-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1549-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1526-1)
2021-06-09 00:00:00
nessus
nessus
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)
2014-12-01 00:00:00
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9999)
2014-12-01 00:00:00
RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2014:1880) (POODLE)
2014-11-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2018-06-15 07:01:54
Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time
2018-06-15 07:02:02
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2018-06-15 07:02:44
suse
suse
Security update for IBM Java (important)
2014-12-02 19:04:43
Security update for IBM Java (important)
2014-11-28 19:05:41
Security update for java-1_7_1-ibm (important)
2014-12-03 17:04:45
redhat
redhat
(RHSA-2014:1876) Critical: java-1.7.0-ibm security update
2014-11-19 00:00:00
(RHSA-2014:1882) Critical: java-1.7.0-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1880) Critical: java-1.7.1-ibm security update
2014-11-20 00:00:00
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48
f5
f5
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
centos
centos
java security update
2014-10-15 12:22:05
java security update
2014-10-15 11:42:17
java security update
2014-10-15 11:48:47
veracode
veracode
Information Disclosure
2019-05-02 05:12:51
Privilege Escalation
2019-05-02 05:12:51
Improper Access Control
2019-05-02 05:12:56
amazon
amazon
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
osv
osv
openjdk-6 - security update
2014-11-26 00:00:00
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-28 00:00:00
debian
debian
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:21
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:43:45
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09
securityvulns
securityvulns
ESA-2015-004: EMC M&amp;R &#40;Watch4Net&#41; Multiple Vulnerabilities
2015-01-25 00:00:00
cve
cve
CVE-2014-4288
2014-10-15 15:55:06
CVE-2014-6493
2014-10-15 22:55:05
CVE-2014-6503
2014-10-15 22:55:06
cvelist
cvelist
CVE-2014-6532
2014-10-15 22:03:00
CVE-2014-4288
2014-10-15 15:15:00
CVE-2014-6503
2014-10-15 22:03:00
ubuntucve
ubuntucve
CVE-2014-6493
2014-10-15 00:00:00
CVE-2014-6503
2014-10-15 00:00:00
CVE-2014-4288
2014-10-15 00:00:00
nvd
nvd
CVE-2014-6503
2014-10-15 22:55:06
CVE-2014-6532
2014-10-15 22:55:07
CVE-2014-6493
2014-10-15 22:55:05
debiancve
debiancve
CVE-2014-6503
2014-10-15 22:55:06
CVE-2014-6532
2014-10-15 22:55:07
CVE-2014-4288
2014-10-15 15:55:06
prion
prion
Design/Logic Flaw
2014-10-15 15:55:00
Design/Logic Flaw
2014-10-15 22:55:00
Design/Logic Flaw
2014-10-15 22:55:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON
Related for C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03
openvas42nessus41ibm33suse7redhat12aix1f52kaspersky1ubuntu3centos4veracode5amazon3osv3debian2oraclelinux4mageia1securityvulns1cve6cvelist6ubuntucve6nvd6debiancve5prion5