Security Bulletin: The Java version bundled with IBM OpenPages GRC Platform version 6.2 is susceptible to multiple vulnerabilities in the Java Runtime Environment (JRE)

Flash (Alert)


Abstract

The version of Java included with OpenPages GRC Platform version 6.2 has reported vulnerabilities that allow remote attackers to affect confidentiality, integrity, and availability of the Java platform via various vectors.

CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071,
CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089

Content

VULNERABILITY DETAILS:

CVEID: CVE-2012-1531
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79413 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1532
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1533
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3143
Description: Remote attackers could affect confidentiality, integrity, and availability, related to JMX.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3159
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79424 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-3216
Description: Remote attackers could affect confidentiality via unknown vectors related to Libraries.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79436 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-4416
Description: Remote attackers could affect confidentiality and integrity via unknown vectors related to Hotspot.
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78432 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5068
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79425 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5069
Description: Remote attackers could affect confidentiality and integrity via unknown vectors related to Concurrency.
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79428 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5071
Description: Remote attackers could affect confidentiality and integrity, related to JMX.
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79427 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5072
Description: Remote attackers could affect confidentiality via unknown vectors related to Security.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79329 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5073
Description: Remote attackers could affect integrity via unknown vectors related to Libraries.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79432 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5075
Description: Remote attackers could affect confidentiality, related to JMX.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79431 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5077
Description: An undisclosed vulnerability exists in a portion of the JRE related to Security.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79437 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5079
Description: Remote attackers could affect integrity via unknown vectors related to Libraries.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79433 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5081
Description: Remote attackers could affect availability, related to JSSE.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79435 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-5083
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79412 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5084
Description: Remote attackers could affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79423 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5086
Description: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Beans.
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79414 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5089
Description: Remote attackers could affect confidentiality, integrity, and availability, related to JMX.
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79422 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)


AFFECTED PRODUCTS AND VERSIONS:
IBM OpenPages GRC Platform version 6.2


REMEDIATION:
Fixes:
Download and install IBM OpenPages GRC Platform version 6.2.1 from Passport Advantage. Download information is available on the Downloading IBM OpenPages GRC 6.2.1 from Passport Advantage page.

Workaround(s):
None known; apply fixes.

Mitigation(s):
None known


REFERENCES:
Complete CVSS Guide
On-line Calculator V2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089


RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


CHANGE HISTORY
7 May 2013: Original Copy Published


*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Document information

More support for: OpenPages GRC Platform
Software version: 6.2.1
Operating system(s): AIX, Linux, Windows
Reference #: 1636462
Modified date: 2013-05-07
