Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the Enterprise Common Collector component of the IBM Tivoli zEnterprise Monitoring Agent (CVE-2015-4760, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 )

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by the Enterprise Common Collector (a component of IBM Tivoli zEnterprise Monitoring Agent, a component of IBM Tivoli Monitoring). These issues were disclosed as part of the IBM Java SDK updates in July 2015.

Vulnerability Details

CVEID: CVE-2015-4760 DESCRIPTION: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104721 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-2601 DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-2625 DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-1931 DESCRIPTION: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/102967&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Enterprise Common Collector 1.1.0 (a component of IBM Tivoli zEnterprise Monitoring Agent, a component of IBM Tivoli Monitoring v6.2.3 and v6.3.0)

Remediation/Fixes

Product

|

VRMF

|

Operating System

|

Remediation/First Fix

—|—|—|—

IBM Tivoli zEnterprise Monitoring Agent (Enterprise Common Collector v1.1.0 component)

|

v6.2.3

| AIX®|

Fix Central link

Linux® on System z®|

Fix Central link

Linux® on Intel® 32-bit|

Fix Central link

Linux® on Intel® 64-bit|

Fix Central link

32-bit Windows®|

Fix Central link

64-bit Windows®|

Fix Central link

Workarounds and Mitigations

None