Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCD0FEB18E8BE43C7EAE964DFDD17AE72DEC6A8AF0FCC39808FAF4B4B52F42037
HistoryJun 17, 2018 - 3:20 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-0402 and CVE-2015-5041)

2018-06-1715:20:07
www.ibm.com
11

EPSS

0.006

Percentile

78.7%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 7R1 that are used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in January 2016.

Vulnerability Details

CVEID: CVE-2016-0402 DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-5041 DESCRIPTION: A flaw in the IBM J9 JVM allows code to invoke non-public interface methods under certain circumstances. Untrusted code could potentially exploit this. This could lead to sensitive data being exposed to an attacker, or the attacker being able to inject bad data.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106719 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM MessageSight V1.1 and V1.2

Remediation/Fixes

Product

|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT14421| 1.1.0.1-IBM-IMA-IFIT14421

IBM MessageSight|
1.2|
IT14420|
1.2.0.3-IBM-IMA-IFIT14420

Workarounds and Mitigations

None

Related

veracode 7
cve 2
nvd 2
prion 2
cvelist 2
debiancve 1
ubuntucve 1
ibm 24
nessus 56
f5 2
redhat 13
suse 16
openvas 48
aix 1
ubuntu 2
oraclelinux 5
centos 5
amazon 3
debian 3
mageia 1
kaspersky 1
osv 1
gentoo 1
veracode
veracode
Information Disclosure
2019-01-15 09:09:56
Privilege Escalation
2019-01-15 09:09:52
Sandbox Restrictions Bypass
2019-05-02 05:20:30
cve
cve
CVE-2015-5041
2016-06-06 17:59:00
CVE-2016-0402
2016-01-21 02:59:14
nvd
nvd
CVE-2015-5041
2016-06-06 17:59:00
CVE-2016-0402
2016-01-21 02:59:14
prion
prion
Design/Logic Flaw
2016-06-06 17:59:00
Code injection
2016-01-21 02:59:00
cvelist
cvelist
CVE-2015-5041
2016-06-06 17:00:00
CVE-2016-0402
2016-01-21 02:00:00
debiancve
debiancve
CVE-2016-0402
2016-01-21 02:59:14
ubuntucve
ubuntucve
CVE-2016-0402
2016-01-20 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events:
2018-06-15 07:05:05
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile
2018-06-16 21:39:47
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server
2018-06-16 13:38:32
nessus
nessus
IBM Java 6.0 < 6.0.16.20 / 6.1 < 6.1.8.20 / 7.0 < 7.0.9.30 / 7.1 < 7.1.3.30 / 8.0 < 8.0.2.10 Multiple Vulnerabilities (Jan 1, 2016)
2022-04-29 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2016:0098)
2016-02-03 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:0390-1) (SLOTH)
2016-02-11 00:00:00
f5
f5
K65342329 : Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
SOL65342329 - Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
redhat
redhat
(RHSA-2016:0098) Critical: java-1.8.0-ibm security update
2016-02-02 09:46:58
(RHSA-2016:0101) Critical: java-1.6.0-ibm security update
2016-02-02 00:00:00
(RHSA-2016:0100) Critical: java-1.7.0-ibm security update
2016-02-02 00:00:00
suse
suse
Security update for java-1_8_0-ibm (important)
2016-02-09 14:11:58
Security update for java-1_6_0-ibm (important)
2016-02-11 15:11:40
Security update for java-1_6_0-ibm (important)
2016-03-15 18:21:13
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:0390-1)
2021-04-19 00:00:00
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2016:0401-1)
2016-02-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0636-1)
2021-06-09 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-02-25 08:44:57
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2016-02-01 00:00:00
OpenJDK 7 vulnerabilities
2016-02-01 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2016-01-26 00:00:00
java-1.7.0-openjdk security update
2016-01-21 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
centos
centos
java security update
2016-01-26 13:28:19
java security update
2016-01-21 16:24:45
java security update
2016-01-21 17:19:22
amazon
amazon
Important: java-1.6.0-openjdk
2016-02-19 15:48:00
Important: java-1.7.0-openjdk
2016-02-09 13:30:00
Important: java-1.8.0-openjdk
2016-02-09 13:30:00
debian
debian
[SECURITY] [DSA 3465-1] openjdk-6 security update
2016-02-02 21:31:52
[SECURITY] [DSA 3458-1] openjdk-7 security update
2016-01-27 21:00:48
[SECURITY] [DLA 410-1] openjdk-6 security update
2016-02-04 14:03:48
mageia
mageia
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
2016-02-05 20:26:09
kaspersky
kaspersky
KLA10743 Multiple vulnerabilities in Oracle Java SE
2016-01-20 00:00:00
osv
osv
openjdk-6 - security update
2016-02-04 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00

EPSS

0.006

Percentile

78.7%

JSON
Related for CD0FEB18E8BE43C7EAE964DFDD17AE72DEC6A8AF0FCC39808FAF4B4B52F42037
veracode7cve2nvd2prion2cvelist2debiancve1ubuntucve1ibm24nessus56f52redhat13suse16openvas48aix1ubuntu2oraclelinux5centos5amazon3debian3mageia1kaspersky1osv1gentoo1