Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME9DE33B25DA7BFAB57F6CF55393E1F4B2F3963A8329764A6FDBC8D080C3DEAEA
HistoryJul 24, 2020 - 10:19 p.m.

Security Bulletin: Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows

2020-07-2422:19:08
www.ibm.com
13

0.001 Low

EPSS

Percentile

46.4%

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct for Microsoft Windows. The issue was disclosed as part of the IBM Java SDK updates in January 2018.

Vulnerability Details

CVEID: CVE-2018-2602 DESCRIPTION: An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137854 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Sterling Connect:Direct for Microsoft Windows 4.7.0.0 through 4.7.0.5_iFix015
IBM Sterling Connect:Direct for Microsoft Windows 4.8.0.0 through 4.8.0.0_iFix005

Remediation/Fixes

Product

| VRMF |APAR|Remediation/First Fix
—|—|—|—
IBM Sterling Connect:Direct for Microsoft Windows | 4.7.0 | IT25318 | 4.7.0.5_iFix016, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows | 4.8.0 | IT25318 | 4.8.0.0_iFix006, available on Fix Central

For older versions/releases IBM recommends upgrading to a fixed, supported version/release of the product.

Workarounds and Mitigations

None

Related

redhatcve 1
cvelist 1
cve 1
debiancve 1
ibm 85
ubuntucve 1
nvd 1
prion 1
veracode 2
openvas 26
nessus 43
redhat 9
centos 2
debian 3
suse 9
osv 3
oraclelinux 2
mageia 1
ubuntu 2
amazon 3
gentoo 1
aix 1
redhatcve
redhatcve
CVE-2018-2602
2019-10-09 16:42:05
cvelist
cvelist
CVE-2018-2602
2018-01-18 02:00:00
cve
cve
CVE-2018-2602
2018-01-18 02:29:19
debiancve
debiancve
CVE-2018-2602
2018-01-18 02:29:19
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK IBM Rational Software Architect and Rational Software Architect for WebSphere Software.
2020-09-10 17:03:14
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-2602)
2018-06-17 15:51:50
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent
2020-07-24 22:49:37
ubuntucve
ubuntucve
CVE-2018-2602
2018-01-17 00:00:00
nvd
nvd
CVE-2018-2602
2018-01-18 02:29:19
prion
prion
Design/Logic Flaw
2018-01-18 02:29:00
veracode
veracode
Improper Access Control
2019-05-16 02:18:41
Information Disclosure
2019-05-16 02:18:41
openvas
openvas
Oracle Java SE Security Updates (jan2018-3236628) 03 - Windows
2018-01-17 00:00:00
CentOS Update for java CESA-2018:0349 centos7
2018-03-01 00:00:00
Debian: Security Advisory (DSA-4166-1)
2018-04-03 00:00:00
nessus
nessus
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2018-974)
2018-03-27 00:00:00
EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)
2018-03-20 00:00:00
RHEL 7 : java-1.6.0-sun (RHSA-2018:0115)
2018-01-23 00:00:00
redhat
redhat
(RHSA-2018:0115) Important: java-1.6.0-sun security update
2018-01-22 20:29:11
(RHSA-2018:0349) Important: java-1.7.0-openjdk security update
2018-02-26 17:04:14
(RHSA-2018:0095) Important: java-1.8.0-openjdk security update
2018-01-17 15:51:35
centos
centos
java security update
2018-02-28 11:23:40
java security update
2018-01-18 12:01:26
debian
debian
[SECURITY] [DSA 4166-1] openjdk-7 security update
2018-04-04 19:30:08
[SECURITY] [DLA 1339-1] openjdk-7 security update
2018-04-03 21:05:12
[SECURITY] [DSA 4144-1] openjdk-8 security update
2018-03-17 18:44:37
suse
suse
Security update for java-1_7_0-openjdk (important)
2018-03-15 12:12:52
Security update for java-1_7_0-openjdk (important)
2018-03-12 18:08:02
Security update for java-1_8_0-openjdk (important)
2018-03-15 03:07:22
osv
osv
openjdk-7 - security update
2018-04-03 00:00:00
openjdk-8 - security update
2018-03-17 00:00:00
openjdk-7 - security update
2018-04-04 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2018-02-26 00:00:00
java-1.8.0-openjdk security update
2018-01-17 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2018-02-02 15:33:47
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2018-04-02 00:00:00
OpenJDK 7 vulnerabilities
2018-04-02 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2018-02-07 17:47:00
Important: java-1.7.0-openjdk
2018-03-21 22:12:00
Important: java-1.8.0-openjdk
2018-02-07 17:45:00
gentoo
gentoo
Oracle JDK/JRE: Multiple vulnerabilities
2018-03-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2018-04-30 11:26:59

0.001 Low

EPSS

Percentile

46.4%

JSON
Related for E9DE33B25DA7BFAB57F6CF55393E1F4B2F3963A8329764A6FDBC8D080C3DEAEA
redhatcve1cvelist1cve1debiancve1ibm85ubuntucve1nvd1prion1veracode2openvas26nessus43redhat9centos2debian3suse9osv3oraclelinux2mageia1ubuntu2amazon3gentoo1aix1