Flashes (Alerts)
Abstract
IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity.
Content
VULNERABILITY DETAILS:
| CVE ID | DESCRIPTION |
| CVE-2012-1541 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81761 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment |
| CVE-2012-3174 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81200 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors |
| CVE-2012-3213 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81769 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting |
| CVE-2012-3342 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78334 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | The Java Web Start Launcher component of the Java Runtime Environment in Windows has a vulnerability in the escaping of arguments that it passes to the javaw.exe application which can lead to remote code execution. |
| CVE-2013-0169 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/74380 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error related to JScript9 when attempting to access objects that have been deleted. |
| CVE-2013-0351 CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81786 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P | An unspecified vulnerability in Java within the Deployment component could allow a remote attacker to execute arbitrary code on the system with elevated privileges. |
| CVE-2013-0401 CVSS Base Score: 5.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82823 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N | The JRE component allows remote attackers to execute arbitrary code via vectors related to AWT |
| CVE-2013-0409 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81793 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
| CVE-2013-0419 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81783 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-0422 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81117 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Java Runtime Environment could allow a remote attacker to execute arbitrary code on the system, caused by errors involving Java Management Extensions (JMX) MBean components |
| CVE-2013-0423 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81784 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-0424 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81798 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via vectors related to RMI |
| CVE-2013-0425 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81766 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-0426 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81767 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | An unspecified vulnerability in the JRE within the Libraries component could allow a remote attacker to execute arbitrary code on the system with elevated privileges. |
| CVE-2013-0427 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81795 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-0428 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81768 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-0429 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81782 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component in allows remote attackers to affect confidentiality via vectors related to CORBA |
| CVE-2013-0431 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81794 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX |
| CVE-2013-0432 CVSS Base Score: 6.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81788 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to AWT |
| CVE-2013-0433 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81797 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Networking |
| CVE-2013-0434 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81792 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAXP |
| CVE-2013-0435 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81791 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAX-WS |
| CVE-2013-0437 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81753 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-0438 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81800 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment |
| CVE-2013-0440 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81799 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via vectors related to JSSE |
| CVE-2013-0441 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81758 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
| CVE-2013-0442 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81755 CVSS Environmental Score*: Undefined CVSS Vector: AV:/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
| CVE-2013-0443 CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81801 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to JSSE |
| CVE-2013-0444 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81781 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans |
| CVE-2013-0445 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81756 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
| CVE-2013-0446 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81762 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-0449 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81789 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment |
| CVE-2013-0450 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81764 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
| CVE-2013-0809 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82515 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code via unknown vectors |
| CVE-2013-1473 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81790 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-1475 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81759 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
| CVE-2013-1476 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81760 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
| CVE-2013-1478 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81754 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE 2D component could allow a remote attacker to execute arbitrary code on the system with elevated privileges. |
| CVE-2013-1480 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81757 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-1481 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81770 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound |
| CVE-2013-1484 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82179 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-1485 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82180 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries |
| CVE-2013-1486 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82178 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
| CVE-2013-1487 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82177 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-1488 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82821 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via unspecified vectors involving reflection and Libraries |
| CVE-2013-1489 CVSS Base Score: 0 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81802 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user |
| CVE-2013-1491 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82822 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via vectors related to 2D |
| CVE-2013-1493 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82514 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | The color management (CMM) functionality in the 2D component allows remote attackers to execute arbitrary code or cause a denial of service via an image with crafted raster parameters, which triggers an out-of-bounds read or memory corruption in the JVM |
| CVE-2013-1518 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83566 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP |
| CVE-2013-1537 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83571 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI |
| CVE-2013-1540 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83590 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-1557 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83572 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI |
| CVE-2013-1558 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83561 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans |
| CVE-2013-1563 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83579 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install |
| CVE-2013-1564 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83584 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX |
| CVE-2013-1569 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83557 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE is vulnerable to a stack-based buffer overflow in the fontmanager native component, |
| CVE-2013-2383 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83555 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE fontmanager component could allow a remote attacker to execute arbitrary code on the system. |
| CVE-2013-2384 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83556 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE fontmanager component could allow a remote attacker to execute arbitrary code on the system. |
| CVE-2013-2394 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83576 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2415 CVSS Base Score: 2.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83592 CVSS Environmental Score*: Undefined CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows local users to affect confidentiality via vectors related to JAX-WS |
| CVE-2013-2416 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83598 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-2417 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83586 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to Networking |
| CVE-2013-2418 CVSS Base Score: 4.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83587 CVSS Environmental Score*: Undefined CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P | Unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-2419 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83581 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to 2D |
| CVE-2013-2420 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83560 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2421 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83573 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in JRE component llows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. |
| CVE-2013-2422 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83570 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
| CVE-2013-2423 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83591 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows a remote attacker to bypass sandbox restrictions and execute arbitrary code on the system, caused by weak access control on static classes |
| CVE-2013-2424 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83582 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JMX |
| CVE-2013-2425 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83564 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install |
| CVE-2013-2426 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83574 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:<M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-2429 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83578 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO |
| CVE-2013-2430 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83577 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO |
| CVE-2013-2431 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83564 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot |
| CVE-2013-2432 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83559 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2433 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83589 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-2434 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83558 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2435 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83563 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-2436 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83575 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-2438 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83585 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX |
| CVE-2013-2440 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83562 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
In addition, the IBM 1.6 JRE updated in the patches listed in the Remediation section below also include the following CVEs:
| CVE-2013-2467 CVSS Base Score: 6.9 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85043 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in theJRE Install component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2448 CVSS Base Score: 7.6 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85040 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE Sound component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2459 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85033 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2463 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85029 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2464 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85030 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2465 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85031 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2466 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85035 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2468 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85034 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2469 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85032 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2470 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85025 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2471 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85026 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2472 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85027 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2473 CVSS Base Score: 10 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85028 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2460 CVSS Base Score: 9.3 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85038 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2462 CVSS Base Score: 9.3 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85037 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact |
| CVE-2013-3743 CVSS Base Score: 9.3 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85036 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact. |
| CVE-2013-2444 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85047 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in the JRE AWT component could allow a remote attacker to cause a denial of service. |
| CVE-2013-2450 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85057 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to cause a denial of service. |
| CVE-2013-2400 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85050 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in the JRE Deployment component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2453 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85053 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2457 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85052 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-3744 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85051 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in the JREA Deployment component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2412 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85059 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Serviceability component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2437 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85049 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Deployment component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2443 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85054 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2446 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85048 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE CORBA component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2447 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85056 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Networking component could allow a remote attacker to obtain sensitive information |
| CVE-2013-2452 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85055 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2455 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/84146 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information |
| CVE-2013-2456 CVSS Base Score: 5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85058 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to obtain sensitive information |
| CVE-2013-2449 CVSS Base Score: 4.3 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85060 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information. |
| CVE-2013-2407 CVSS Base Score: 6.4 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85044 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) | An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, no integrity impact, and partial availability impact. |
| CVE-2013-1500 CVSS Base Score: 3.6 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85062 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N) | An unspecified vulnerability in the JRE 2D component has partial confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2454 CVSS Base Score: 5.8 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85045 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) | An unspecified vulnerability in the JRE JDBC component has partial confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2458 CVSS Base Score: 5.8 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85046 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) | An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2013-2451 CVSS Base Score: 3.7 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85061 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in the JRE Networking component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2013-2442 CVSS Base Score: 7.5 CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85041 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in the JRE Deployment component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2013-4002 CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85260 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C) | A denial of service vulnerability in IBM Java could result in a complete availability impact on the affected system. |
| CVEID: CVE-2013-3006 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84147 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3007 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84148 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3008 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84149 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3009 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84150 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3010 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84151 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3011 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84152 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
| CVEID: CVE-2013-3012 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84153 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) | An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact. |
AFFECTED PRODUCTS AND VERSIONS:
IBM Tivoli Monitoring version 6.3.0 through 6.3.0 Fix Pack 01
IBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 03
IBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 09
IBM Tivoli Monitoring version 6.2.1 through 6.2.1 Fix Pack 04
IBM Tivoli Monitoring version 6.2.0 through 6.2.0 Fix Pack 03
REMEDIATION:
These vulnerabilities exist where the affected JRE is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system.
This fix below provides updated JRE packages for the portal which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.
| Fix | VRMF | APAR | How to acquire fix |
| 6.X.X-TIV-ITM_JRE_TEP-20130726 (or later) | 6.2.0 through 6.3.0 FP1 | IV38143 | http://www-01.ibm.com/support/docview.wss?uid=swg24035138 |
The Fix Packs listed below will include the updated JRE packages from the 6.X.X-TIV-ITM_JRE_TEP-20130726 patch.
| Fix | VRMF | APAR | How to acquire fix |
| 6.2.3-TIV-ITM-FP0004 | 6.2.3 | IV38143 | http://www-01.ibm.com/support/docview.wss?uid=swg2404252 Refer to the link above for status on availability. |
| 6.3.0-TIV-ITM-FP0002 | 6.3.0 | IV44422 | http://www-01.ibm.com/support/docview.wss?uid=swg24035402 Refer to the link above for status on availability. |
Workaround(s):
None.
Mitigation(s):
None.
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database
CVE-2013-0401 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82822
CVE-2013-1488 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82820
CVE-2013-1491 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82821
CVE-2013-1518 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83566
CVE-2013-1537 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83571
CVE-2013-1540 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83590
CVE-2013-1557 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83572
CVE-2013-1558 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83561
CVE-2013-1563 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83579
CVE-2013-1564 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83574
CVE-2013-1569 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83557
CVE-2013-2383 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83555
CVE-2013-2384 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83556
CVE-2013-2394 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83576
CVE-2013-2415 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83592
CVE-2013-2416 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83588
CVE-2013-2417 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83586
CVE-2013-2418 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83587
CVE-2013-2419 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83581
CVE-2013-2420 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83560
CVE-2013-2421 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83573
CVE-2013-2422 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83570
CVE-2013-2423 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83591
CVE-2013-2424 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83582
CVE-2013-2425 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83565
CVE-2013-2426 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83574
CVE-2013-2429 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83578
CVE-2013-2430 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83577
CVE-2013-2431 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83564
CVE-2013-2432 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83559
CVE-2013-2433 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83589
CVE-2013-2434 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83558
CVE-2013-2435 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83563
CVE-2013-2436 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83575
CVE-2013-2438 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83585
CVE-2013-2440 - https://exchange.xforce.ibmcloud.com/vulnerabilities/83562
In addition, the IBM 1.6 JRE updated in the patches listed in the Remediation section above also include the following CVEs:
CVE-2013-2467 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85043
CVE-2013-2448 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85040
CVE-2013-2459 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85033
CVE-2013-2463 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85029
CVE-2013-2464 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85030
CVE-2013-2465 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85031
CVE-2013-2466 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85035
CVE-2013-2468 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85034
CVE-2013-2469 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85032
CVE-2013-2470 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85025
CVE-2013-2471 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85026
CVE-2013-2472 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85027
CVE-2013-2473 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85028
CVE-2013-2460 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85038
CVE-2013-2462 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85037
CVE-2013-3743 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85036
CVE-2013-2444 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85047
CVE-2013-2450 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85057
CVE-2013-2400 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85050
CVE-2013-2453 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85053
CVE-2013-2457 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85052
CVE-2013-3744 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85051
CVE-2013-1571 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84715
CVE-2013-2412 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85059
CVE-2013-2437 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85049
CVE-2013-2443 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85054
CVE-2013-2446 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85048
CVE-2013-2447 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85056
CVE-2013-2452 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85055
CVE-2013-2455 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84146
CVE-2013-2456 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85058
CVE-2013-2449 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85060
CVE-2013-2407 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85044
CVE-2013-1500 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85062
CVE-2013-2454 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85045
CVE-2013-2458 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85046
CVE-2013-2451 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85061
CVE-2013-2442 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85041
CVE-2013-4002 - https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
CVE-2013-3006 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84147
CVE-2013-3007 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84148
CVE-2013-3008 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84149
CVE-2013-3009 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
CVE-2013-3010 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84151
CVE-2013-3011 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84152
CVE-2013-3012 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84153
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT
None.
CHANGE HISTORY
26 July 2013 Original Copy Published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
[{"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.2.0;6.2.1;6.2.2;6.2.3;6.3.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
26 September 2022
UID
swg21640206