Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager.

Flash (Alert)


Abstract

IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity.

Content

VULNERABILITY DETAILS:

CVE ID DESCRIPTION
CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See http:/xforce.iss.net/xforce/xfdb/81761
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment
CVE-2012-3174
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81200
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81769
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting
CVE-2012-3342
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78334
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
The Java Web Start Launcher component of the Java Runtime Environment in Windows has a vulnerability in the escaping of arguments that it passes to the javaw.exe application which can lead to remote code execution.
CVE-2013-0169
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74380
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error related to JScript9 when attempting to access objects that have been deleted.
CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81786
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
An unspecified vulnerability in Java within the Deployment component could allow a remote attacker to execute arbitrary code on the system with elevated privileges.
CVE-2013-0401
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82823
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
The JRE component allows remote attackers to execute arbitrary code via vectors related to AWT
CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81793
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81783
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0422
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81117
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Java Runtime Environment could allow a remote attacker to execute arbitrary code on the system, caused by errors involving Java Management Extensions (JMX) MBean components
CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81784
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81798
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via vectors related to RMI
CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81766
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81767
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
An unspecified vulnerability in the JRE within the Libraries component could allow a remote attacker to execute arbitrary code on the system with elevated privileges.
CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81795
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81768
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81782
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component in allows remote attackers to affect confidentiality via vectors related to CORBA
CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81794
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX
CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81788
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to AWT
CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81797
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Networking
CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81792
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAXP
CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81791
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAX-WS
CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81753
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81800
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment
CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Unspecified vulnerability in the JRE component allows remote attackers to affect availability via vectors related to JSSE
CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81758
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81755
CVSS Environmental Score*: Undefined
CVSS Vector: AV:/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to JSSE
CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81781
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans
CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81756
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81762
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81789
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment
CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81764
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82515
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code via unknown vectors
CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81790
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment
CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81759
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81760
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81754
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE 2D component could allow a remote attacker to execute arbitrary code on the system with elevated privileges.
CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81757
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81770
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82179
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82180
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries
CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82178
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82177
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-1488
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82821
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
The JRE component allows remote attackers to execute arbitrary code via unspecified vectors involving reflection and Libraries
CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81802
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user
CVE-2013-1491
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82822
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
The JRE component allows remote attackers to execute arbitrary code via vectors related to 2D
CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82514
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
The color management (CMM) functionality in the 2D component allows remote attackers to execute arbitrary code or cause a denial of service via an image with crafted raster parameters, which triggers an out-of-bounds read or memory corruption in the JVM
CVE-2013-1518
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83566
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP
CVE-2013-1537
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83571
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI
CVE-2013-1540
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83590
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment
CVE-2013-1557
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83572
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI
CVE-2013-1558
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83561
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans
CVE-2013-1563
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83579
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install
CVE-2013-1564
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83584
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX
CVE-2013-1569
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83557
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE is vulnerable to a stack-based buffer overflow in the fontmanager native component,
CVE-2013-2383
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83555
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE fontmanager component could allow a remote attacker to execute arbitrary code on the system.
CVE-2013-2384
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83556
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE fontmanager component could allow a remote attacker to execute arbitrary code on the system.
CVE-2013-2394
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83576
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-2415
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83592
CVSS Environmental Score*: Undefined
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows local users to affect confidentiality via vectors related to JAX-WS
CVE-2013-2416
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83588
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment
CVE-2013-2417
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83586
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to Networking
CVE-2013-2418
CVSS Base Score: 4.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83587
CVSS Environmental Score*: Undefined
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-2419
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83581
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to 2D
CVE-2013-2420
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83560
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-2421
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83573
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in JRE component llows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
CVE-2013-2422
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83570
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CVE-2013-2423
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83591
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows a remote attacker to bypass sandbox restrictions and execute arbitrary code on the system, caused by weak access control on static classes
CVE-2013-2424
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83582
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JMX
CVE-2013-2425
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83564
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install
CVE-2013-2426
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83574
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:<M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-2429
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83578
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO
CVE-2013-2430
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83577
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO
CVE-2013-2431
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83564
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot
CVE-2013-2432
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83559
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-2433
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83589
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment
CVE-2013-2434
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83558
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-2435
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83563
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-2436
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83575
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-2438
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83585
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX
CVE-2013-2440
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83562
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

In addition, the IBM 1.6 JRE updated in the patches listed in the Remediation section below also include the following CVEs:
CVE-2013-2467
CVSS Base Score: 6.9
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85043 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in theJRE Install component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2448
CVSS Base Score: 7.6
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85040 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Sound component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2459
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2463
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2464
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85030 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2465
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2466
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2468
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85034 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2469
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85032 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2470
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85025 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2471
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2472
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2473
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85028 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2460
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85038 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2462
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85037 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact
CVE-2013-3743
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85036 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2444
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An unspecified vulnerability in the JRE AWT component could allow a remote attacker to cause a denial of service.
CVE-2013-2450
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to cause a denial of service.
CVE-2013-2400
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85050 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2453
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85053 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2457
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85052 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-3744
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85051 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JREA Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2412
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85059 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Serviceability component could allow a remote attacker to obtain sensitive information.
CVE-2013-2437
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85049 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Deployment component could allow a remote attacker to obtain sensitive information.
CVE-2013-2443
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85054 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2446
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85048 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE CORBA component could allow a remote attacker to obtain sensitive information.
CVE-2013-2447
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Networking component could allow a remote attacker to obtain sensitive information
CVE-2013-2452
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85055 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2455
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/84146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information
CVE-2013-2456
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85058 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to obtain sensitive information
CVE-2013-2449
CVSS Base Score: 4.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85060 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2407
CVSS Base Score: 6.4
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85044 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, no integrity impact, and partial availability impact.
CVE-2013-1500
CVSS Base Score: 3.6
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85062 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE 2D component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2454
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85045 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE JDBC component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2458
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85046 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2451
CVSS Base Score: 3.7
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85061 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
An unspecified vulnerability in the JRE Networking component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVE-2013-2442
CVSS Base Score: 7.5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85041 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An unspecified vulnerability in the JRE Deployment component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVE-2013-4002
CVSS Base Score: 7.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85260 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
A denial of service vulnerability in IBM Java could result in a complete availability impact on the affected system.
CVEID: CVE-2013-3006
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3007
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3008
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3009
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84150 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3010
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3011
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3012
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.



AFFECTED PRODUCTS AND VERSIONS:
IBM Tivoli Monitoring version 6.3.0 through 6.3.0 Fix Pack 01
IBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 03
IBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 09
IBM Tivoli Monitoring version 6.2.1 through 6.2.1 Fix Pack 04
IBM Tivoli Monitoring version 6.2.0 through 6.2.0 Fix Pack 03


REMEDIATION:
These vulnerabilities exist where the affected JRE is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system.

This fix below provides updated JRE packages for the portal which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.

Fix VRMF APAR How to acquire fix
6.X.X-TIV-ITM_JRE_TEP-20130726 6.2.0 through 6.3.0 FP1 IV38143 http://www-01.ibm.com/support/docview.wss?uid=swg24035138


The Fix Packs listed below will include the updated JRE packages from the 6.X.X-TIV-ITM_JRE_TEP-20130726 patch.
Fix VRMF APAR How to acquire fix
6.2.3-TIV-ITM-FP0004 6.2.3 IV38143 http://www-01.ibm.com/support/docview.wss?uid=swg2404252
Refer to the link above for status on availability.
6.3.0-TIV-ITM-FP0002 6.3.0 IV44422 http://www-01.ibm.com/support/docview.wss?uid=swg24035402
Refer to the link above for status on availability.


Workaround(s):
None.

Mitigation(s):
None.

REFERENCES:
Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database
CVE-2013-0401 - http://xforce.iss.net/xforce/xfdb/82822
CVE-2013-1488 - http://xforce.iss.net/xforce/xfdb/82820
CVE-2013-1491 - http://xforce.iss.net/xforce/xfdb/82821
CVE-2013-1518 - http://xforce.iss.net/xforce/xfdb/83566
CVE-2013-1537 - http://xforce.iss.net/xforce/xfdb/83571
CVE-2013-1540 - http://xforce.iss.net/xforce/xfdb/83590
CVE-2013-1557 - http://xforce.iss.net/xforce/xfdb/83572
CVE-2013-1558 - http://xforce.iss.net/xforce/xfdb/83561
CVE-2013-1563 - http://xforce.iss.net/xforce/xfdb/83579
CVE-2013-1564 - http://xforce.iss.net/xforce/xfdb/83584
CVE-2013-1569 - http://xforce.iss.net/xforce/xfdb/83557
CVE-2013-2383 - http://xforce.iss.net/xforce/xfdb/83555
CVE-2013-2384 - http://xforce.iss.net/xforce/xfdb/83556
CVE-2013-2394 - http://xforce.iss.net/xforce/xfdb/83576
CVE-2013-2415 - http://xforce.iss.net/xforce/xfdb/83592
CVE-2013-2416 - http://xforce.iss.net/xforce/xfdb/83588
CVE-2013-2417 - http://xforce.iss.net/xforce/xfdb/83586
CVE-2013-2418 - http://xforce.iss.net/xforce/xfdb/83587
CVE-2013-2419 - http://xforce.iss.net/xforce/xfdb/83581
CVE-2013-2420 - http://xforce.iss.net/xforce/xfdb/83560
CVE-2013-2421 - http://xforce.iss.net/xforce/xfdb/83573
CVE-2013-2422 - http://xforce.iss.net/xforce/xfdb/83570
CVE-2013-2423 - http://xforce.iss.net/xforce/xfdb/83591
CVE-2013-2424 - http://xforce.iss.net/xforce/xfdb/83582
CVE-2013-2425 - http://xforce.iss.net/xforce/xfdb/83565
CVE-2013-2426 - http://xforce.iss.net/xforce/xfdb/83574
CVE-2013-2429 - http://xforce.iss.net/xforce/xfdb/83578
CVE-2013-2430 - http://xforce.iss.net/xforce/xfdb/83577
CVE-2013-2431 - http://xforce.iss.net/xforce/xfdb/83564
CVE-2013-2432 - http://xforce.iss.net/xforce/xfdb/83559
CVE-2013-2433 - http://xforce.iss.net/xforce/xfdb/83589
CVE-2013-2434 - http://xforce.iss.net/xforce/xfdb/83558
CVE-2013-2435 - http://xforce.iss.net/xforce/xfdb/83563
CVE-2013-2436 - http://xforce.iss.net/xforce/xfdb/83575
CVE-2013-2438 - http://xforce.iss.net/xforce/xfdb/83585
CVE-2013-2440 - http://xforce.iss.net/xforce/xfdb/83562

In addition, the IBM 1.6 JRE updated in the patches listed in the Remediation section above also include the following CVEs:
CVE-2013-2467 - http://xforce.iss.net/xforce/xfdb/85043
CVE-2013-2448 - http://xforce.iss.net/xforce/xfdb/85040
CVE-2013-2459 - http://xforce.iss.net/xforce/xfdb/85033
CVE-2013-2463 - http://xforce.iss.net/xforce/xfdb/85029
CVE-2013-2464 - http://xforce.iss.net/xforce/xfdb/85030
CVE-2013-2465 - http://xforce.iss.net/xforce/xfdb/85031
CVE-2013-2466 - http://xforce.iss.net/xforce/xfdb/85035
CVE-2013-2468 - http://xforce.iss.net/xforce/xfdb/85034
CVE-2013-2469 - http://xforce.iss.net/xforce/xfdb/85032
CVE-2013-2470 - http://xforce.iss.net/xforce/xfdb/85025
CVE-2013-2471 - http://xforce.iss.net/xforce/xfdb/85026
CVE-2013-2472 - http://xforce.iss.net/xforce/xfdb/85027
CVE-2013-2473 - http://xforce.iss.net/xforce/xfdb/85028
CVE-2013-2460 - http://xforce.iss.net/xforce/xfdb/85038
CVE-2013-2462 - http://xforce.iss.net/xforce/xfdb/85037
CVE-2013-3743 - http://xforce.iss.net/xforce/xfdb/85036
CVE-2013-2444 - http://xforce.iss.net/xforce/xfdb/85047
CVE-2013-2450 - http://xforce.iss.net/xforce/xfdb/85057
CVE-2013-2400 - http://xforce.iss.net/xforce/xfdb/85050
CVE-2013-2453 - http://xforce.iss.net/xforce/xfdb/85053
CVE-2013-2457 - http://xforce.iss.net/xforce/xfdb/85052
CVE-2013-3744 - http://xforce.iss.net/xforce/xfdb/85051
CVE-2013-1571 - http://xforce.iss.net/xforce/xfdb/84715
CVE-2013-2412 - http://xforce.iss.net/xforce/xfdb/85059
CVE-2013-2437 - http://xforce.iss.net/xforce/xfdb/85049
CVE-2013-2443 - http://xforce.iss.net/xforce/xfdb/85054
CVE-2013-2446 - http://xforce.iss.net/xforce/xfdb/85048
CVE-2013-2447 - http://xforce.iss.net/xforce/xfdb/85056
CVE-2013-2452 - http://xforce.iss.net/xforce/xfdb/85055
CVE-2013-2455 - http://xforce.iss.net/xforce/xfdb/84146
CVE-2013-2456 - http://xforce.iss.net/xforce/xfdb/85058
CVE-2013-2449 - http://xforce.iss.net/xforce/xfdb/85060
CVE-2013-2407 - http://xforce.iss.net/xforce/xfdb/85044
CVE-2013-1500 - http://xforce.iss.net/xforce/xfdb/85062
CVE-2013-2454 - http://xforce.iss.net/xforce/xfdb/85045
CVE-2013-2458 - http://xforce.iss.net/xforce/xfdb/85046
CVE-2013-2451 - http://xforce.iss.net/xforce/xfdb/85061
CVE-2013-2442 - http://xforce.iss.net/xforce/xfdb/85041
CVE-2013-4002 - http://xforce.iss.net/xforce/xfdb/85260
CVE-2013-3006 - http://xforce.iss.net/xforce/xfdb/84147
CVE-2013-3007 - http://xforce.iss.net/xforce/xfdb/84148
CVE-2013-3008 - http://xforce.iss.net/xforce/xfdb/84149
CVE-2013-3009 - http://xforce.iss.net/xforce/xfdb/84150
CVE-2013-3010 - http://xforce.iss.net/xforce/xfdb/84151
CVE-2013-3011 - http://xforce.iss.net/xforce/xfdb/84152
CVE-2013-3012 - http://xforce.iss.net/xforce/xfdb/84153


RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


ACKNOWLEDGEMENT
None.

CHANGE HISTORY
26 July 2013 Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Monitoring Version 6

Software version:

6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0

Operating system(s):

Linux, Windows

Reference #:

1640206

Modified date:

2014-06-09

Translate my page

Machine Translation

Content navigation