Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities



Abstract

Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM.

Content

VULNERABILITY DETAILS:

CVE ID: CVE-2013-2468
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85034
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2469
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85032
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2465
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85031
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2464
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85030
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2463
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85029
CVSS Environmental Score: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2473
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85028
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2472
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85027
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2471
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85026
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2470
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85025
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2459
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85033
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2466
CVSS Base Score:  10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85035
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2462
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85037
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2460
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85038
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3006
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84147
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3007
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84148
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3008
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84149
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3009
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84150
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3010
CVSS Base Score:  9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84151
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-3743
CVSS Base Score:  7.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85036
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2448
CVSS Base Score:  7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85040
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2442
CVSS Base Score:  7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85041
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-4002
CVSS Base Score:  7.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85260
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVE ID: CVE-2013-2407
CVSS Base Score:  6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85044
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-2454
CVSS Base Score:  5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85045
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2458
CVSS Base Score:  5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85046
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-3744
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85051
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2400
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85050
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2456
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85058
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2453
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85053
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2457
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85052
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2455
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84146
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2443
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85054
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2447
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85056
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2437
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85049
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2444
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85047
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2452
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85055
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2446
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85048
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2450
CVSS Base Score:  5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85057
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-0169
CVSS Base Score:  4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81902
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2451
CVSS Base Score:  3.7
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85057
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-1500
CVSS Base Score:  3.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85062
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2415
CVSS Base Score:  2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83592
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected products and versions

IBM Flex System Manager Node, Types 7955, 8731, 8734 all models, 1.1.0 - 1.3

Remediation:

Install FSMApplianceUpdate-1-3-1 update packagefor Flex System Manager Node. The package is available on IBM Fix Central.

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
None

Change History
06 December 2013: Original Copy Published

 

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Applicable countries and regions

 


Document id:  MIGR-5094215
Last modified:  2013-12-06
Copyright © 2014 IBM Corporation