IBMF43C795683B9F78C5CC3FE51A6FEB70AA8104D3A5F71BB174EFD86D894611AE7Security Bulletin: Security vulnerability has been identified in IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines as it is dependent on ITM shipped Java
EPSS
Percentile
81.6%
Summary
IBM Java is shipped as an ITM shared component of IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines. Information about a security vulnerability affecting Linux Kernel-based Virtual Machines agent has been published in a security bulletin.
Vulnerability Details
**CVE IDs:**CVE-2015-2625 CVE-2015-1931
DESCRIPTION: This bulletin covers all applicable Java SE CVEs for this product.
CVEID:CVE-2015-2625
**DESCRIPTION:*An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.60
CVSS Temporal Score:
CVSS Environmental Score: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
CVEID:CVE-2015-1931
**DESCRIPTION:*IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.10
CVSS Temporal Score:
CVSS Environmental Score: Undefined
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products and Versions
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual MachinesVersion6.2.3 includes Java Technology Edition, Version 5.0 Service Refresh 9.
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual MachinesVersion7.1.0 includes Java Technology Edition, Version 5.0 Service Refresh 12, FP1.
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines** **Version 7.2.0 includes Java Technology Edition, Version 5.0 Service Refresh 12, FP1.
Remediation/Fixes
The fixes for these vulnerabilities are provided in latest Java provided as ITM shared component. Please see the below link to upgrade Java as part of ITM shared component
<http://www-01.ibm.com/support/docview.wss?uid=swg21673490>**.**
APAR numbers are as follows:
IV75166 (CVE-2015-2625)
IV75182 (CVE-2015-1931)
Workarounds and Mitigations
None
Related
EPSS
Percentile
81.6%