Lucene search

IBMF9271B9A85906BE32BCFB4DFD357D23682AEF17AD76DD23B8527BF9AF7D4C998

HistoryJun 17, 2018 - 3:23 p.m.

Security Bulletin: The vulnerability in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-0363 and CVE-2016-0376)

2018-06-1715:23:05

www.ibm.com

0.071 Low

EPSS

Percentile

94.0%

JSON

Summary

There is vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6.0, 7.0, 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-0363 DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376**
DESCRIPTION:** A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112152> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Tivoli Composite Application Manager (ITCAM) for Transactions : Versions 7.3.x.x to 7.4.x.x are affected.

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Composite Application Manager for Transaction | 7.4
7.3| IV84400| FixCentral link

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli composite application manager for transactionseq7.4

CPE	Name	Operator	Version
	tivoli composite application manager for transactions	eq	7.4

0.071 Low

EPSS

Percentile

94.0%

JSON

Related for F9271B9A85906BE32BCFB4DFD357D23682AEF17AD76DD23B8527BF9AF7D4C998