IBME8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10Security Bulletin: CICS Transaction Gateway for Multiplatforms
EPSS
Percentile
100.0%
Summary
Multiple security vulnerablilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to all these risks but client side applications using the CICS TG supplied JREs might be.
Vulnerability Details
CVEID:CVE-2014-6513
**DESCRIPTION:*An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97127> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6456
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97130> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6503
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97129> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6532
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97128> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-4288
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97135> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6493
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97134> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6492
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97133> for the current score
IBM Confidential
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6458
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97137> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6466
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has
complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97136> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-6506
**DESCRIPTION:*An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97139> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID:CVE-2014-6476
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97141> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-6515
IBM Confidential
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97142> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-6511
**DESCRIPTION:*An unspecified vulnerability related to the 2D component could allow a
remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97140> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID:CVE-2014-6531
**DESCRIPTION:*An unspecified vulnerability related to the Libraries component could allow a
remote attacker to obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97146> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2014-6512
**DESCRIPTION:*An unspecified vulnerability related to the Libraries component has no
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97147> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-6457
**DESCRIPTION:*An unspecified vulnerability related to the JSSE component has partial
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score
IBM Confidential
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID:CVE-2014-6527
**DESCRIPTION:*An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97149> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-6502
**DESCRIPTION:*An unspecified vulnerability related to the Libraries component has no
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97150> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-6558
**DESCRIPTION:*An unspecified vulnerability related to the Security component has no
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97151> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-3566
**DESCRIPTION:*Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle OnDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2014-3065
**DESCRIPTION:*IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.
CVSS Base Score: 6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Affected Products and Versions
CICS Transaction Gateway for Multiplatforms v7.2, v8.0, v8.1, v9.0 and v9.1. Inclusion in this list does not imply that all the products are supported. See the IBM Support Lifecycle page for product end of support dates.
Remediation/Fixes
Updated JRE’s have been made available on Fix Central. Upgrade the JRE used by CICS TG Java client applications and/or the CICS TG Gateway daemon. Updated JREs which can used with CICS TG Java client applications and the Gateway daemon are made available on Fix Central:
<http://www-933.ibm.com/support/fixcentral/options?selection=Software%3Bibm%2FOther+software%3Bibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms>
Related
EPSS
Percentile
100.0%