IBM Support

Security Bulletin: Multiple vulnerabilities in IBM OpenPages Platform with Application Server


Summary

The following security vulnerabilities have been identified in versions of IBM OpenPages with Application Server. See Vulnerability Details for CVE IDs.

Vulnerability Details

Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerabilities:

CVE ID: CVE-2014-2480
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94543 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to an unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-4255
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94544 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Security and Policy component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-2481
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94542 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to an unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-4254
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94545 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-2479
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94546 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-4267
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94547 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS Core Components component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVE ID: CVE-2014-4256
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVE ID: CVE-2014-4201
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94552 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service.

CVE ID: CVE-2014-4202
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94553 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service.

CVE ID: CVE-2014-4210
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94554 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to obtain sensitive information.

CVE ID: CVE-2014-4253
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94555 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WebLogic Server JVM component could allow a remote attacker to cause a denial of service.

CVE ID: CVE-2014-4217
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94558 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact.

CVE ID: CVE-2014-4241
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94559 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact.

CVE ID: CVE-2014-4242
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94557 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description: An unspecified vulnerability in Oracle WebLogic Server related to the Console component has no confidentiality impact, partial integrity impact, and no availability impact.

Affected Products and Versions

IBM OpenPages with Application Server 6.2 through 7.0.

Remediation/Fixes

A fix has been created that can remediate all affected versions of the named product. Download and install the fix as soon as practical. The fix and installation instructions are available at the URL listed below:


Patch: IBM OpenPages with Application Server IF 2
Download URL: http://www.ibm.com/support/docview.wss?uid=swg24039136

Workarounds and Mitigations

No known workaround; please apply the fix.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: OpenPages GRC Platform

Software version: 6.2, 6.2.1, 7.0

Operating system(s): Windows

Reference #: 1693429

Modified date: 12 February 2015