CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.433 Medium
Percentile: 97.4%
Multiple security vulnerabilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to these risks, but client-side applications using the JREs might be. You will need to evaluate your own code to determine if you are vulnerable.
CVEID: CVE-2014-0428
Description:
An unspecified vulnerability in Oracle Java SE related to the CORBA component could allow a remote attacker to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90325 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-0422
Description:
An unspecified vulnerability in Oracle Java SE related to the JNDI component could allow a remote attacker to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90326 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-5907
Description:
An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90324 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-0415
Description:
An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90323 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-0410
Description:
An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to execute arbitrary code on the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90322 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED PRODUCTS AND VERSIONS:
CICS Transaction Gateway for Multiplatforms v9.0 and earlier.
REMEDIATION:
Upgrade the JRE being used by CICS TG Java client applications. Updated JREs for use with CICS TG Java client applications are made available on Fix Central:
<http://www-933.ibm.com/support/fixcentral/options?selection=Software%3Bibm%2FOther+software%3Bibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms>
Workaround(s):
None
Mitigation(s):
None
RELATED INFORMATION:
Complete CVSS v2 Guide
On-line Calculator v2
CPE

| Name | Operator | Version |
|---|---|---|
| cics transaction gateway | eq | 9.0 |
| cics transaction gateway | eq | 8.1 |
| cics transaction gateway | eq | 8.0 |
| cics transaction gateway | eq | 7.2 |