IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

Abstract

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR12 (and earlier).

Content

VULNERABILITY DETAILS

There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron.

CVE ID: CVE-2013-1478

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0445

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1480

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1475

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1476

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2012-1541

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0446

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2012-3342

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78334
CVSS Environmental Score*: Undefined
CVSS Vector: undefined


CVE ID: CVE-2013-0442

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0450

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0425

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0426

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0428

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2012-3213

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1481

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0419

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0423

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-0351

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)


CVE ID: CVE-2013-0432

Description: Allows remote attackers to affect confidentiality and integrity via vectors related to AWT

CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)


CVE ID: CVE-2013-1473

Description: Allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)


CVE ID: CVE-2013-0435

Description: Allows remote attackers to affect confidentiality via vectors related to JAX-WS.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2013-0434

Description: Allows remote attackers to affect confidentiality via vectors related to JAXP

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2013-0409

Description: Allows remote attackers to affect confidentiality via vectors related to JMX.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2013-0427

Description: Allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)


CVE ID: CVE-2013-0433

Description: Allows remote attackers to affect integrity via unknown vectors related to Networking.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)


CVE ID: CVE-2013-0424

Description: Allows remote attackers to affect integrity via vectors related to RMI.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)


CVE ID: CVE-2013-0440

Description: Allows remote attackers to affect availability via vectors related to JSSE.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


CVE ID: CVE-2013-0438

Description: Allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2013-0443

Description: Allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)


CVE ID: CVE-2013-1487

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1486

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

AFFECTED PLATFORMS:
IBM WebSphere Cast Iron v6.3 Studio, Virtual Appliance and Physical Appliance
IBM WebSphere Cast Iron v6.3 Live SaaS offering.

WORKAROUND
None available; apply the fix detailed below.

REMEDIATION:
Apply the fix detailed below.

FIX


For IBM WebSphere Cast Iron v6.3:
Apply the v6.3.0.1 interim fix.

The WebSphere Cast Iron V6.3 interim fix can be obtained via this link

SaaS offering (WebSphere Cast Iron Live v6.3)
Customers still on lower versions of the SaaS offering can ask the WebSphere Cast Iron cloud operations team to migrate their tenant to the Cast Iron v6.3 Live offering.


APAR LI77261 is targeted for availability in IBM WebSphere Cast Iron v6.3.0.2 fixPacks.

MITIGATION:
None known

REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/v2/guide)
On-line Calculator V2 (https://nvd.nist.gov/CVSS-v2-Calculator)

CVE-2013-1478 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478)
CVE-2013-0445 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0445)
CVE-2013-1480 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480)
CVE-2013-1475 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475)
CVE-2013-1476 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476)
CVE-2012-1541 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1541)
CVE-2013-0446 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0446)
CVE-2012-3342 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3342)
CVE-2013-0442 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442)
CVE-2013-0450 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450)
CVE-2013-0425 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425)
CVE-2013-0426 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426)
CVE-2013-0428 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428)
CVE-2012-3213 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3213)
CVE-2013-1481 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1481)
CVE-2013-0419 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0419)
CVE-2013-0423 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0423)
CVE-2013-0351 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0351)
CVE-2013-0432 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432)
CVE-2013-1473 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1473)
CVE-2013-0435 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435)
CVE-2013-0434 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434)
CVE-2013-0409 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0409)
CVE-2013-0427 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427)
CVE-2013-0433 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433)
CVE-2013-0424 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424)
CVE-2013-0440 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440)
CVE-2013-0438 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0438)
CVE-2013-0443 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0443)
CVE-2013-1487 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1487)
CVE-2013-1486 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1486)
CVE-2013-0169 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0169)


CHANGE HISTORY:
<2013/04/30>: Original Copy Published
<2017/03/02>: Support information related to versions 6.0 and 6.1 removed, as these versions are not supported.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Information

Modified date:
25 September 2022

UID

swg21634069