Abstract
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR12 (and earlier).
Content
VULNERABILITY DETAILS
There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron.
CVE ID: CVE-2013-1478
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0445
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-1480
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-1475
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-1476
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2012-1541
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0446
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2012-3342
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78334
CVSS Environmental Score*: Undefined
CVSS Vector: undefined
CVE ID: CVE-2013-0442
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0450
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0425
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0426
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0428
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2012-3213
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-1481
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0419
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0423
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-0351
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE ID: CVE-2013-0432
Description: Allows remote attackers to affect confidentiality and integrity via vectors related to AWT
CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVE ID: CVE-2013-1473
Description: Allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-0435
Description: Allows remote attackers to affect confidentiality via vectors related to JAX-WS.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-0434
Description: Allows remote attackers to affect confidentiality via vectors related to JAXP
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-0409
Description: Allows remote attackers to affect confidentiality via vectors related to JMX.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-0427
Description: Allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-0433
Description: Allows remote attackers to affect integrity via unknown vectors related to Networking.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-0424
Description: Allows remote attackers to affect integrity via vectors related to RMI.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE ID: CVE-2013-0440
Description: Allows remote attackers to affect availability via vectors related to JSSE.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE ID: CVE-2013-0438
Description: Allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE ID: CVE-2013-0443
Description: Allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE ID: CVE-2013-1487
Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-1486
Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
AFFECTED PLATFORMS:
IBM WebSphere Cast Iron v6.3 Studio, Virtual Appliance and Physical Appliance
IBM WebSphere Cast Iron v6.3 Live SaaS offering.
WORKAROUND
None available; apply the fix detailed below.
REMEDIATION:
Apply the fix detailed below.
FIX
For IBM WebSphere Cast Iron v6.3:
Apply the v6.3.0.1 interim fix.
The WebSphere Cast Iron V6.3 interim fix can be obtained via this link
SaaS offering (WebSphere Cast Iron Live v6.3)
Customers still on lower versions of the SaaS offering can ask the WebSphere Cast Iron cloud operations team to migrate their tenant to the Cast Iron v6.3 Live offering.
APAR LI77261 is targeted for availability in IBM WebSphere Cast Iron v6.3.0.2 fixPacks.
MITIGATION:
None known
REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/v2/guide)
On-line Calculator V2 (https://nvd.nist.gov/CVSS-v2-Calculator)
CVE-2013-1478 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478)
CVE-2013-0445 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0445)
CVE-2013-1480 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480)
CVE-2013-1475 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475)
CVE-2013-1476 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476)
CVE-2012-1541 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1541)
CVE-2013-0446 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0446)
CVE-2012-3342 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3342)
CVE-2013-0442 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442)
CVE-2013-0450 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450)
CVE-2013-0425 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425)
CVE-2013-0426 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426)
CVE-2013-0428 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428)
CVE-2012-3213 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3213)
CVE-2013-1481 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1481)
CVE-2013-0419 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0419)
CVE-2013-0423 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0423)
CVE-2013-0351 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0351)
CVE-2013-0432 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432)
CVE-2013-1473 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1473)
CVE-2013-0435 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435)
CVE-2013-0434 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434)
CVE-2013-0409 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0409)
CVE-2013-0427 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427)
CVE-2013-0433 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433)
CVE-2013-0424 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424)
CVE-2013-0440 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440)
CVE-2013-0438 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0438)
CVE-2013-0443 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0443)
CVE-2013-1487 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1487)
CVE-2013-1486 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1486)
CVE-2013-0169 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0169)
CHANGE HISTORY:
<2013/04/30>: Original Copy Published
<2017/03/02>: Support information related to versions 6.0 and 6.1 removed as these versions are not supported.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Document Information
Modified date: 25 September 2022
UID: swg21634069