Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD9AF579ED87FB13AC37A3BCED4999C8C8EB5A0FB9B1AA6EE60760C45A25DFE35
HistoryJun 15, 2018 - 7:03 a.m.

Security Bulletin: Multiple vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803)

2018-06-1507:03:51
www.ibm.com
6

0.074 Low

EPSS

Percentile

94.1%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in October 2015.

Vulnerability Details

CVEID: CVE-2015-4872** **
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4911** **
DESCRIPTION: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4893** **
DESCRIPTION: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4803** **
DESCRIPTION: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

WebSphere Service Registry and Repository Studio V8.5, V8.0, V7.5 and V7.0 are affected.

Remediation/Fixes

Note regarding CVE-2015-4911
This was addressed by IBM in June 2008. As a reminder, users of Java 6 and above should
refer to the IBM XL XP-J documentation for the javax.xml.stream.supportDTD property
for information to help avoid this vulnerability.

For all releases of WebSphere Service Registry and Repository Studio, upgrade to WebSphere Service Registry and Repository Studio V8.5.6.0_IV79089_IV80119_IV80540_IV80888

Related

ibm 62
nessus 33
f5 6
debiancve 4
cve 4
ubuntucve 4
prion 4
nvd 4
cvelist 4
openvas 33
amazon 3
ubuntu 2
suse 7
redhat 5
centos 3
oraclelinux 4
debian 3
mageia 1
veracode 11
archlinux 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803)
2018-06-15 07:04:51
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix October 2015
2023-03-06 14:45:22
Security Bulletin: Multiple vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803)
2018-06-15 07:04:51
nessus
nessus
Oracle JRockit R28 < R28.3.8 Multiple Vulnerabilities (October 2015 CPU)
2015-10-21 00:00:00
Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-2827-1)
2015-12-04 00:00:00
Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-2086)
2015-11-19 00:00:00
f5
f5
SOL14132811 - Java vulnerability CVE-2015-4893
2015-11-20 00:00:00
SOL05534090 - Java vulnerability CVE-2015-4803
2015-11-20 00:00:00
K05534090 : Java vulnerability CVE-2015-4803
2015-11-20 00:00:00
debiancve
debiancve
CVE-2015-4803
2015-10-21 21:59:20
CVE-2015-4893
2015-10-21 23:59:53
CVE-2015-4911
2015-10-22 00:00:14
cve
cve
CVE-2015-4803
2015-10-21 21:59:20
CVE-2015-4911
2015-10-22 00:00:14
CVE-2015-4893
2015-10-21 23:59:53
ubuntucve
ubuntucve
CVE-2015-4893
2015-10-21 00:00:00
CVE-2015-4803
2015-10-21 00:00:00
CVE-2015-4911
2015-10-21 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
Design/Logic Flaw
2015-10-21 23:59:00
nvd
nvd
CVE-2015-4803
2015-10-21 21:59:20
CVE-2015-4893
2015-10-21 23:59:53
CVE-2015-4911
2015-10-22 00:00:14
cvelist
cvelist
CVE-2015-4893
2015-10-21 23:00:00
CVE-2015-4911
2015-10-21 23:00:00
CVE-2015-4803
2015-10-21 21:00:00
openvas
openvas
CentOS: Security Advisory for java (CESA-2015:2086)
2021-04-21 00:00:00
Oracle: Security Advisory (ELSA-2015-2086)
2015-11-19 00:00:00
Oracle: Security Advisory (ELSA-2015-1921)
2015-10-22 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-04 17:12:29
Security update for java-1_7_0-openjdk (important)
2015-11-04 16:14:26
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:48
redhat
redhat
(RHSA-2015:1928) Important: java-1.6.0-sun security update
2015-10-22 18:21:17
(RHSA-2015:1920) Critical: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:1921) Important: java-1.7.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
java security update
2015-11-18 19:46:16
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.6.0-openjdk security update
2015-11-18 00:00:00
debian
debian
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
veracode
veracode
Improper Certificate Validation
2019-05-02 05:19:33
Unspecified Vulnerability
2019-05-02 05:19:33
Denial Of Service
2019-05-02 05:19:33
archlinux
archlinux
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00

0.074 Low

EPSS

Percentile

94.1%

JSON
Related for D9AF579ED87FB13AC37A3BCED4999C8C8EB5A0FB9B1AA6EE60760C45A25DFE35
ibm62nessus33f56debiancve4cve4ubuntucve4prion4nvd4cvelist4openvas33amazon3ubuntu2suse7redhat5centos3oraclelinux4debian3mageia1veracode11archlinux2