Security Bulletin
Summary
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Support Assistant Team Server. These issues were disclosed as part of the IBM Java SDK updates in July 2014.
Vulnerability Details
|
The following two advisories are included in the IBM® SDK Java™ Technology Edition and IBM Support Assistant Team Server may be vulnerable to them. CVEID: CVE-2014-3068 DESCRIPTION: A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. CVSS Base Score: 2.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N) The following advisories are included in the IBM Java SDK but IBM Support Assistant Team Server is not vulnerable to them. Please refer to the Reference section for more information on the advisories not applicable to IBM Support Assistant Team Server: CVE IDs: CVE-2014-4227 CVE-2014-4262 CVE-2014-4216 CVE-2014-2490 CVE-2014-4223 CVE-2014-4219 CVE-2014-2483 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4252 CVE-2014-4266 CVE-2014-4262 CVE-2014-4265 CVE-2014-4221 CVE-2014-4208 |
Affected Products and Versions
IBM Java SDK shipped with IBM Support Assistant Team Server versions 5.0.0 and 5.0.1.
Get Notified about Future Security Bulletins
References
Change History
12 November 2014: Original Version Published
14 November 2014: Adding CVE-2014-3068 to list of potential vulnerabilities
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21681371