Jun 17, 2018 - 12:14 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2016-0494, CVE-2016-0483, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2015-8540, CVE-2015-7981)

www.ibm.com

EPSS: 0.127 (percentile 95.6%)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7, which are used by IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in January 2016.

Vulnerability Details

**CVEID:** CVE-2016-0494
**DESCRIPTION:** An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109944 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

**CVEID:** CVE-2016-0483
**DESCRIPTION:** An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109945 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

**CVEID:** CVE-2015-8126
**DESCRIPTION:** libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions. By persuading a victim to open a specially-crafted PNG file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108010 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2015-8472
**DESCRIPTION:** libpng is vulnerable to a buffer overflow, caused by improper bounds checking by the png_get_PLTE() and png_set_PLTE() functions. By persuading a victim to open a specially crafted PNG image, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
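The two libpng PLTE entries above (CVE-2015-8126 and CVE-2015-8472) both come down to a missing bound on the number of palette entries relative to the image bit depth. The following is an added example, not code from the IBM bulletin or from libpng: a defensive pre-decode check that an application or content filter can apply to a raw PLTE chunk before handing the file to an image decoder. The `sample_plte` chunk is constructed for illustration.

```c
/* Added example, not from the IBM bulletin: a pre-decode check for the PNG
 * PLTE chunk enforcing the bound libpng's png_set_PLTE() omitted
 * (CVE-2015-8126 / CVE-2015-8472): palette entries must not exceed
 * 2^bit_depth, and never 256. The sample chunk below is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* PNG chunk length and CRC fields are big-endian 32-bit. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Maximum palette entries for the IHDR bit depth, or 0 if the IHDR is not
 * valid for an indexed-colour (color type 3) image. */
static unsigned max_palette_entries(unsigned bit_depth, unsigned color_type) {
    if (color_type == 3 && bit_depth != 1 && bit_depth != 2 &&
        bit_depth != 4 && bit_depth != 8)
        return 0;
    if (bit_depth < 8)
        return 1u << bit_depth;          /* 2, 4 or 16 entries */
    return 256;                          /* PNG_MAX_PALETTE_LENGTH */
}

/* Validate a raw PLTE chunk (length, "PLTE", data, CRC) against the IHDR.
 * Returns 1 when safe to hand to a decoder, 0 otherwise. */
int plte_chunk_is_safe(const uint8_t *chunk, size_t chunk_len,
                       unsigned bit_depth, unsigned color_type) {
    if (chunk_len < 12 || memcmp(chunk + 4, "PLTE", 4) != 0)
        return 0;
    uint32_t data_len = be32(chunk);
    unsigned limit = max_palette_entries(bit_depth, color_type);
    if (limit == 0 || data_len == 0 || data_len % 3 != 0)
        return 0;                        /* whole RGB triples only */
    if (data_len / 3 > limit)
        return 0;                        /* the overflow condition */
    return (size_t)data_len + 12 <= chunk_len;  /* declared length fits */
}

/* Constructed sample: a PLTE chunk declaring 16 RGB entries (0x30 bytes),
 * data and CRC zero-filled. Legal at bit depth 4, oversize at depth 2. */
static const uint8_t sample_plte[8 + 48 + 4] = {
    0x00, 0x00, 0x00, 0x30, 'P', 'L', 'T', 'E'
};

/* Returns 1 when the check accepts the depth-4 case and rejects depth 2. */
int demo(void) {
    return plte_chunk_is_safe(sample_plte, sizeof sample_plte, 4, 3) &&
          !plte_chunk_is_safe(sample_plte, sizeof sample_plte, 2, 3);
}
```

The check is deliberately stricter than the pre-fix libpng behaviour: a palette with more entries than 2^bit_depth is rejected outright, which is also the condition a content-inspection rule would flag.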

**CVEID:** CVE-2016-0402
**DESCRIPTION:** An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

**CVEID:** CVE-2016-0448
**DESCRIPTION:** An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

**CVEID:** CVE-2015-8540
**DESCRIPTION:** libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109219 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2015-7981
**DESCRIPTION:** libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107740 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM FileNet System Monitor v4.5.0
IBM Enterprise Content Management System Monitor v5.1.0
IBM Enterprise Content Management System Monitor v5.2.0

Remediation/Fixes

Product | VRM | Remediation
---|---|---
IBM FileNet System Monitor | 4.5.0 | Use FSM 450-FP3-IF5, available at https://www-933.ibm.com/support/fixcentral/
IBM Enterprise Content Management System Monitor | 5.1.0 | Use ECM SM 510-FP3-IF8, available at https://www-933.ibm.com/support/fixcentral/
IBM Enterprise Content Management System Monitor | 5.2.0 | Use ECM SM 5.2.0.3, available at https://www-933.ibm.com/support/fixcentral/

Workarounds and Mitigations

NA