Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC9CB79952C31381EA00CF6FF1D7710EBDC9B4F13415AD2EBDB3F9F3A6354C7B0
HistoryMay 29, 2019 - 12:10 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1

2019-05-2912:10:01
www.ibm.com
9

0.898 High

EPSS

Percentile

98.8%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM® Cloud App Management V2018.4.1. IBM® Cloud App Management has addressed the applicable CVEs in a later version.

Vulnerability Details

CVEID: CVE-2018-12549 DESCRIPTION: Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-12547 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-2422 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-2449 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2426 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-11212 DESCRIPTION: libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429&gt; for the current score
CVSS Environmental Score*: Undefined

Affected Products and Versions

IBM Cloud App Management V2018.4.1

Remediation/Fixes

IBM Cloud App Management V2018 was updated to use a later version of IBM® SDK Java™ Technology Edition. Install IBM Cloud App Management V2019.2.0 to address these security vulnerabilities. IBM Cloud App Management V2019.2.0 is available on IBM Passport Advantage.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud app managementeq2018.4.1

Related

ibm 100
redhat 6
nessus 29
aix 1
kaspersky 1
mageia 1
openvas 21
suse 4
f5 2
veracode 4
redhatcve 4
cve 3
nvd 5
osv 2
cvelist 4
prion 3
ubuntucve 2
alpinelinux 1
debiancve 1
amazon 1
checkpoint_advisories 1
zdi 1
centos 1
ubuntu 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Version affect IBM Cloud Manager with OpenStack
2019-05-06 11:45:01
Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU
2019-07-24 02:00:01
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF
2019-03-18 18:50:02
redhat
redhat
(RHSA-2019:0472) Critical: java-1.8.0-ibm security update
2019-03-05 12:14:26
(RHSA-2019:0469) Critical: java-1.8.0-ibm security update
2019-03-06 21:43:02
(RHSA-2019:0640) Moderate: java-1.8.0-ibm security update
2019-03-25 18:21:21
nessus
nessus
RHEL 7 : java-1.8.0-ibm (RHSA-2019:0472)
2019-03-08 00:00:00
RHEL 6 : java-1.8.0-ibm (RHSA-2019:0469)
2019-03-07 00:00:00
RHEL 6 : java-1.8.0-ibm (RHSA-2019:0640)
2019-03-27 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12
kaspersky
kaspersky
KLA11403 Multiple vulnerabilities in Oracle Java SE
2019-01-15 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-02-13 14:08:25
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0071)
2022-01-28 00:00:00
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2019:0161-1)
2019-02-13 00:00:00
Oracle Java SE Multiple Vulnerabilities (cpujan2019) - Windows
2019-01-16 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2019-02-12 00:00:00
Security update for java-1_8_0-openjdk (important)
2019-03-18 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
f5
f5
K17848347 : Oracle Java vulnerabilities CVE-2019-2422, CVE-2019-2449, and CVE-2019-2540
2019-02-07 00:00:00
K63404203 : Oracle Java SE vulnerability CVE-2018-11212
2019-02-07 00:00:00
veracode
veracode
Missing Null Check
2019-05-16 03:57:00
Denial Of Service (DoS)
2019-05-16 03:57:00
Denial Of Service (DoS)
2019-05-16 03:57:00
redhatcve
redhatcve
CVE-2018-12549
2019-10-11 16:30:56
CVE-2018-12547
2020-01-03 15:30:50
CVE-2018-11212
2020-01-26 15:56:42
cve
cve
CVE-2018-12549
2019-02-11 15:29:00
CVE-2018-12547
2019-02-11 15:29:00
CVE-2018-11212
2018-05-16 17:29:00
nvd
nvd
CVE-2018-12549
2019-02-11 15:29:00
CVE-2018-12547
2019-02-11 15:29:00
CVE-2018-11212
2018-05-16 17:29:00
osv
osv
CVE-2018-12549
2019-02-11 15:29:00
CVE-2018-12547
2019-02-11 15:29:00
cvelist
cvelist
CVE-2018-12549
2019-02-11 15:00:00
CVE-2018-11212
2018-05-16 17:00:00
CVE-2018-12547
2019-02-11 15:00:00
prion
prion
Design/Logic Flaw
2019-02-11 15:29:00
Code injection
2019-02-11 15:29:00
Denial of service
2018-05-16 17:29:00
ubuntucve
ubuntucve
CVE-2018-11212
2018-05-16 00:00:00
CVE-2019-2449
2019-01-16 00:00:00
alpinelinux
alpinelinux
CVE-2018-11212
2018-05-16 17:29:00
debiancve
debiancve
CVE-2018-11212
2018-05-16 17:29:00
amazon
amazon
Low: libjpeg-turbo
2019-04-25 16:41:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Denial Of Service (CVE-2019-2449)
2019-09-26 00:00:00
zdi
zdi
Oracle Java jnlp Protocol Directory Traversal Arbitrary File Deletion Vulnerability
2019-01-16 00:00:00
centos
centos
java security update
2019-02-26 18:10:55
ubuntu
ubuntu
OpenJDK 11 vulnerability
2019-04-16 00:00:00

0.898 High

EPSS

Percentile

98.8%

JSON
Related for C9CB79952C31381EA00CF6FF1D7710EBDC9B4F13415AD2EBDB3F9F3A6354C7B0
ibm100redhat6nessus29aix1kaspersky1mageia1openvas21suse4f52veracode4redhatcve4cve3nvd5osv2cvelist4prion3ubuntucve2alpinelinux1debiancve1amazon1checkpoint_advisories1zdi1centos1ubuntu1