Security Bulletin: IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6

Created by David Tam on Mon, 10/27/2014 - 13:53

Published URL:

https://www.ibm.com/support/pages/node/255133

255133

Security Bulletin

Summary

The IBM Smart Analytics System 5600 contains a management host that is installed with the Mozilla Firefox browser. The browser is configured to use IBM SDK Java™ Technology Edition, Version 6 for Java Web Start applications. The browser software is configured in this manner to allow the use of the Remote Control features of the IBM integrated management module (IMM) web interface. The browser software is accessible only by authorized users of the IBM Smart Analytics System 5600 system and is used primarily to access web pages that are internal to the system. However, it is possible to use the browser to access external websites, and can potentially expose the system to a number of Java Web Start security vulnerabilities that have been identified in the IBM SDK Java™ Technology Edition, Version 6.

Vulnerability Details

CVEID: CVE-2014-3086

DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual Machine may, under very limited circumstances, allow untrusted code running under a security manager to escalate its privileges.

CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94097 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4227

DESCRIPTION: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94588 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4262

DESCRIPTION: An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94595 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4219

DESCRIPTION: An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94589 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4209

DESCRIPTION: An unspecified vulnerability related to the JMX component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94596 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4220

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94598 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4268

DESCRIPTION: An unspecified vulnerability related to the Swing component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94602 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4218

DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94599 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4252

DESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94600 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4266

DESCRIPTION: An unspecified vulnerability related to the Serviceability component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94601 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4265

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94597 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-4221

DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94604 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4263

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4208

DESCRIPTION: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94607 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Smart Analytics System 5600 V1
IBM Smart Analytics System 5600 V2
IBM Smart Analytics System 5600 V3

Remediation/Fixes

For each affected component in the table, download the recommended fix, and install using the link in the Installation instructions column.

For more information about IBM IDs, see the Help and FAQ.

IBM Smart Analytics System 5600 V1 and V2
Affected Component	Recommended Fix	Download Link	Installation Instructions
IBM SDK Java™ Technology Edition, Version 6	Update to Java 6 SR16-FP1	Download Java 6 SR16-FP1	Updating the IBM Java SDK which is configured for use by Firefox on the management host in an IBM Smart Analytics System 5600 environment
IBM Smart Analytics System 5600 V3
Affected Component	Recommended Fix	Download Link	Installation Instructions
IBM SDK Java™ Technology Edition, Version 6	Contact IBM Support to obtain the fix.

For assistance, contact IBM Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with IBM Support.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Off

Change History

November 4, 2014: Original version published.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSKT3D","label":"IBM Smart Analytics System"},"Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Component":"IBM Smart Analytics System 5600","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.7;10.1","Edition":"","Line of Business":{"code":"","label":""}}]

Tips

Security Bulletin: IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6

Security Bulletin

Summary

Vulnerability Details

Affected Products and Versions

Remediation/Fixes

Get Notified about Future Security Bulletins

References

Change History

Disclaimer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?

Tips

Security Bulletin: IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6

Security Bulletin

Summary

Vulnerability Details

Affected Products and Versions

Remediation/Fixes

Get Notified about Future Security Bulletins

References

Related Information

Change History

Disclaimer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?