Vulnerability Name:

CVE-2014-0878 (CCN-91084)

Assigned:2014-05-05
Published:2014-05-05
Updated:2017-08-29
Summary:The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-310
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2014-0878

Source: CCN
Type: RHSA-2014-0705
Critical: java-1.7.1-ibm security update

Source: CCN
Type: RHSA-2014-0982
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: SECUNIA
Type: UNKNOWN
59022

Source: SECUNIA
Type: UNKNOWN
59023

Source: SECUNIA
Type: UNKNOWN
59058

Source: SECUNIA
Type: UNKNOWN
61264

Source: CCN
Type: IBM Security Bulletin 1672043
Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672043

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21673836

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21674539

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676672

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676703

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21676746

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21679610

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21679713

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21680750

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21681256

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21683484

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686717

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21689593

Source: CCN
Type: IBM Security Bulletin 1695800
Tivoli Common Reporting iFixes for CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119,CVE-2014-0878,CVE-2014-0460

Source: CCN
Type: IBM Security Bulletin 1020184
Multiple vulnerabilities in the IBM SDK Java Technology for IBM i

Source: CCN
Type: IBM Security Bulletin 1672047
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CCN
Type: IBM Security Bulletin 1672080
InfoSphere Streams is possibly affected by vulnerabilities in the IBM SDK, Java Technology Edition (CVE-2014-0453 and CVE-2014-0460)

Source: CCN
Type: IBM Security Bulletin 1673013
Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server April 2014 CPU

Source: CCN
Type: IBM Security Bulletin 1673611
Multiple IBM SDK Java Technology Edition, Version 7 security vulnerabilities addressed in IBM Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1673836
Multiple vulnerabilities in IBM API Management

Source: CCN
Type: IBM Security Bulletin 1674132
Two vulnerabilities in FileNet Content Manager and IBM Content Foundation (CVE-2014-0453 and CVE-2014-0878)

Source: CCN
Type: IBM Security Bulletin 1674328
Multiple vulnerabilities in current IBM SDK for Java for IBM Tivoli Network Manager IP Edition April 2014 CPU

Source: CCN
Type: IBM Security Bulletin 1674539
IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events: Multiple security vulnerabilities in IBM JRE

Source: CCN
Type: IBM Security Bulletin 1675205
ulnerability in IBM Tivoli System Automation for Integrated Operations Management (several CVEs).

Source: CCN
Type: IBM Security Bulletin 1675343
Multiple vulnerabilities in IBM Multi-Enterprise Integration Gateway (CVE-2014-0460, CVE-2014-0878, CVE-2014-0453)

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21675343

Source: CCN
Type: IBM Security Bulletin 1675588
Multiple vulnerabilities in current IBM SDK for Java - April 2014 CPU update for Lotus Quickr 8.5 for WebSphere Portal

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21675588

Source: CCN
Type: IBM Security Bulletin 1676528
IBM Tivoli Key Lifecycle Manager / IBM Security Key Lifecycle Manager can be affected by vulnerabilities in current IBM SDK for Java shipped by IBM WebSphere Application Server (CVE-2014-0453, CVE-2014-0878)

Source: CCN
Type: IBM Security Bulletin 1676672
Multiple vulnerabilities in the IBM SDK Java Technology Edition component of IBM MessageSight 1.0-1.1 (CVE-2014-0878, CVE-2014-0460 & CVE-2014-0453)

Source: CCN
Type: IBM Security Bulletin 1676703
Two java security vulnerabilities in IBM Security Access Manager for Mobile and IBM Security Access Manager for Web (CVE-2014-0878, CVE-2014-0453)

Source: CCN
Type: IBM Security Bulletin 1676746
IBM Lotus Expeditor fixes for multiple vulnerabilities in IBM JRE

Source: CCN
Type: IBM Security Bulletin 1676860
Multiple security vulnerabilities exist in an IBM SDK for Java that is shipped with IBM WebSphere Portal

Source: CCN
Type: IBM Security Bulletin 1677387
SmartCloud Provisioning - Security vulnerabilities in IBM SDK, Java Technology Edition (CVE-2014-0878, CVE-2014-0460, CVE-2014-0453, CVE-2014-2420)

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg21677387

Source: CCN
Type: IBM Security Bulletin 1677490
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1678048
IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1678218
IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor is potentially affected by security vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1678883
Tivoli Application Dependency Discovery Manager - Java Quarterly CPU - April 2014.

Source: CCN
Type: IBM Security Bulletin 1679187
Potential security vulnerabilities with JavaTM SDKs

Source: CCN
Type: IBM Security Bulletin 1679524
IBM QuickFile is affected by vulnerabilities that exist in the IBM Runtime Environment, JavaTechnology Edition (CVE-2014-0460, CVE-2014-0878)

Source: CCN
Type: IBM Security Bulletin 1679610
Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere eXtreme Scale

Source: CCN
Type: IBM Security Bulletin 1680750
Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance

Source: CCN
Type: IBM Security Bulletin 1680797
SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition ( CVE-2014-0453, CVE-2014-0460, CVE-2014-0878 )

Source: CCN
Type: IBM Security Bulletin 1681114
IBM Notes and Domino - Multiple vulnerabilities in IBM Java (Oracle April 2014 Critical Patch Update) and IBM HTTP Server for Domino (CVE-2014-0963)

Source: CCN
Type: IBM Security Bulletin 1681256
SmartCloud Provisioning - Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition (CVE-2014-0878,CVE-2014-0460, CVE-2014-0453)

Source: CCN
Type: IBM Security Bulletin 1682526
Multiple Security Vulnerabilities found in IBM Sterling Secure Proxy (CVE-2014-0878, CVE-2014-0107, CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)

Source: CCN
Type: IBM Security Bulletin 1682529
Multiple Security Vulnerabilities found in IBM Sterling External Authentication Server (CVE-2014-0878, CVE-2014-0107, CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)

Source: CCN
Type: IBM Security Bulletin 1682740
Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460

Source: CCN
Type: IBM Security Bulletin 1683484
Multiple vulnerabilities in IBM Java SDK affect Tivoli Provisioning Manager for Software

Source: CCN
Type: IBM Security Bulletin 1683527
IBM Cognos Metrics Manager is affected by the following IBM Java Runtime vulnerabilities: CVE-2014-0878, CVE-2014-0460

Source: CCN
Type: IBM Security Bulletin 1685350
Tivoli Storage Productivity Center - Oracle CPU April 2014

Source: CCN
Type: IBM Security Bulletin 1685689
Multiple vulnerabilities in current IBM SDK for Java for Tivoli Provisioning Manager - April 2014 CPU

Source: CCN
Type: IBM Security Bulletin 1686717
Rational Insight - IBM SDK, Java Technology Edition Quarterly CPU - April 2014 (CVE-2014-0460, CVE-2014-0878)

Source: CCN
Type: IBM Security Bulletin 1686718
Rational Reporting for Development Intelligence - IBM SDK, Java Technology Edition Quarterly CPU - April 2014 (CVE-2014-0460, CVE-2014-0878)

Source: CCN
Type: IBM Security Bulletin 1687297
Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1687642
IBM Cognos Express is affected by the following vulnerabilities: CVE-2014-0878, CVE-2014-0460

Source: CCN
Type: IBM Security Bulletin 1689151
IBM SDK, Java Technology Edition and Buffer Overflow vulnerabilities in IBM DB2 Accessories Suite for Linux, UNIX and Windows (CVE-2014-0878,CVE-2014-4263,CVE-2014-0453)

Source: CCN
Type: IBM Security Bulletin 1689593
AppScan Standard can be affected by vulnerability in the current IBM SDK for Java (CVE-2014-0878, CVE-2014-4244, CVE-2014-4263)

Source: BID
Type: UNKNOWN
67601

Source: CCN
Type: BID-67601
IBM Java SDK CVE-2014-0878 Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
ibm-java-cve20140878-weak-sec(91084)

Source: XF
Type: UNKNOWN
ibm-java-cve20140878-weak-sec(91084)

Source: CCN
Type: IBM Security Bulletin 1674778
Multiple vulnerabilities in current IBM SDK for Java for IBM Support Assistant April 2014 CPU

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0878

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*

    • Configuration 2:
  • cpe:/a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*

    • Configuration 3:
  • cpe:/a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*
  • OR cpe:/a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:java:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:5.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:6.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:tivoli_network_manager:3.8:*:ip:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_express:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_expeditor:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_expeditor:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_expeditor:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_express:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_extreme_scale:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_extreme_scale:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_management:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_system_monitor:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_system_monitor:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.3:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:tivoli_provisioning_manager:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.1.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:websphere_extreme_scale:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_access_manager:7.0:*:web:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.7:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.8:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_express:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:messagesight:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_access_manager:8.0:*:web:*:*:*:*:*
  • OR cpe:/a:ibm:api_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_provisioning_manager:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_provisioning_manager:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.1:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.3:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.4:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.5:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:rational_reporting:2.0.6:*:*:*:development_intelligence:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_composite_application_manager:7.4:*:*:*:transactions:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:2.4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_endpoint_manager:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.2:*:*:*:-:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.2.0.1:*:*:*:-:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:b2b_advanced_communications:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_management:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:6.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:sdk:7.1:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:domino:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:8.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:tivoli_network_manager:3.9:*:ip:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_network_manager:4.1:*:ip:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.6.0.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:security_appscan:9.0:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:9.0.1:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:quickfile:1.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7707
    P
    		libykcs11-1-1.6.2-4.30 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7729
    P
    		p7zip-16.02-150200.14.9.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:20140878
    V
    		CVE-2014-0878
    2022-05-20
    oval:org.opensuse.security:def:7005
    P
    		Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important)
    2021-12-14
    oval:org.opensuse.security:def:6980
    P
    		Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)
    2021-10-14
    oval:org.opensuse.security:def:36495
    P
    		libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36537
    P
    		perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:6905
    P
    		Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important)
    2021-05-25
    oval:org.opensuse.security:def:13238
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:46358
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:6886
    P
    		Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)
    2021-04-28
    oval:org.opensuse.security:def:6871
    P
    		Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7069
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7056
    P
    		Security update for the Linux Kernel (Important)
    2020-12-10
    oval:org.opensuse.security:def:35746
    P
    		libfreebl3-3.13.1-0.2.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35813
    P
    		python-sssd-config-1.5.11-0.9.96 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35697
    P
    		findutils-4.4.0-38.26.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35785
    P
    		mono-core-2.6.7-0.7.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35857
    P
    		PackageKit-0.3.14-2.28.46 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35638
    P
    		squid-2.7.STABLE5-2.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:34999
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:35094
    P
    		Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:35331
    P
    		Security update for minicom (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6756
    P
    		libsndfile1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:7047
    P
    		libhogweed2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35478
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6824
    P
    		python-libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6748
    P
    		libqt4-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35010
    P
    		Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35230
    P
    		Security update for libmspack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34998
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:7038
    P
    		libgadu3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35388
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:6778
    P
    		libvte9 on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:25310
    P
    		SUSE-SU-2014:0733-2 -- Security update for IBM Java 7
    2014-09-08
    oval:org.mitre.oval:def:25385
    P
    		SUSE-SU-2014:0728-2 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:25167
    P
    		SUSE-SU-2014:0733-1 -- Security update for IBM Java 7
    2014-09-08
    oval:org.mitre.oval:def:25410
    P
    		SUSE-SU-2014:0732-1 -- Security update for IBM Java 5
    2014-09-08
    oval:org.mitre.oval:def:25419
    P
    		SUSE-SU-2014:0728-3 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:24881
    P
    		ELSA-2014:0509: java-1.5.0-ibm security update (Important)
    2014-09-01
    oval:org.mitre.oval:def:25185
    P
    		ELSA-2014:0508: java-1.6.0-ibm security update (Critical)
    2014-09-01
    oval:org.mitre.oval:def:24767
    P
    		ELSA-2014:0486: java-1.7.0-ibm security update (Critical)
    2014-09-01
    oval:com.redhat.rhsa:def:20140508
    P
    		RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
    2014-05-15
    oval:com.redhat.rhsa:def:20140509
    P
    		RHSA-2014:0509: java-1.5.0-ibm security update (Important)
    2014-05-15
    oval:com.redhat.rhsa:def:20140486
    P
    		RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
    2014-05-13
    BACK
    ibm java sdk 6.0.0.0
    ibm java sdk 6.0.1.0
    ibm java sdk 6.0.2.0
    ibm java sdk 6.0.3.0
    ibm java sdk 6.0.4.0
    ibm java sdk 6.0.5.0
    ibm java sdk 6.0.6.0
    ibm java sdk 6.0.7.0
    ibm java sdk 6.0.8.0
    ibm java sdk 6.0.8.1
    ibm java sdk 6.0.9.0
    ibm java sdk 6.0.9.1
    ibm java sdk 6.0.9.2
    ibm java sdk 6.0.10.0
    ibm java sdk 6.0.10.1
    ibm java sdk 6.0.11.0
    ibm java sdk 6.0.12.0
    ibm java sdk 6.0.13.0
    ibm java sdk 6.0.13.1
    ibm java sdk 6.0.13.2
    ibm java sdk 6.0.14.0
    ibm java sdk 6.0.15.0
    ibm java sdk 6.0.15.1
    ibm java sdk 5.0.0.0
    ibm java sdk 5.0.11.0
    ibm java sdk 5.0.11.1
    ibm java sdk 5.0.11.2
    ibm java sdk 5.0.12.0
    ibm java sdk 5.0.12.1
    ibm java sdk 5.0.12.2
    ibm java sdk 5.0.12.3
    ibm java sdk 5.0.12.4
    ibm java sdk 5.0.12.5
    ibm java sdk 5.0.13.0
    ibm java sdk 5.0.14.0
    ibm java sdk 5.0.15.0
    ibm java sdk 5.0.16.0
    ibm java sdk 5.0.16.1
    ibm java sdk 5.0.16.2
    ibm java sdk 5.0.16.3
    ibm java sdk 5.0.16.4
    ibm java sdk 5.0.16.5
    ibm java sdk 7.0.0.0
    ibm java sdk 7.0.1.0
    ibm java sdk 7.0.2.0
    ibm java sdk 7.0.3.0
    ibm java sdk 7.0.4.0
    ibm java sdk 7.0.4.1
    ibm java sdk 7.0.4.2
    ibm java sdk 7.0.5.0
    ibm java sdk 7.0.6.0
    ibm java sdk 7.0.6.1
    ibm java sdk 7.1.0.0
    ibm java 5.0
    ibm java 7.0
    ibm websphere application server 6.1
    ibm websphere application server 7.0
    ibm sdk 5.0
    ibm cognos business intelligence 8.4.1
    ibm websphere portal 7.0
    ibm sdk 6.0
    ibm tivoli network manager 3.8
    redhat enterprise linux 6
    ibm websphere application server 8.0
    ibm cognos express 9.5
    ibm maximo asset management 7.5
    ibm websphere portal 8.0
    ibm lotus expeditor 6.2.1
    ibm lotus expeditor 6.2.2
    ibm lotus expeditor 6.2.3
    ibm websphere application server 8.5
    ibm infosphere streams 2.0
    ibm tivoli storage productivity center 5.1
    ibm infosphere streams 1.2
    ibm infosphere streams 3.0
    ibm cognos business intelligence 10.1
    ibm cognos business intelligence 10.1.1
    ibm cognos business intelligence 10.2
    ibm cognos express 10.1
    ibm rational insight 1.1
    ibm rational insight 1.1.1
    ibm rational insight 1.1.1.1
    ibm websphere extreme scale 7.1.1
    ibm websphere extreme scale 8.5
    ibm websphere extreme scale 8.6
    ibm websphere application server 8.5.5
    ibm infosphere streams 3.1
    ibm messagesight 1.0
    ibm api management 2.0
    ibm filenet system monitor 4.5.0
    ibm filenet system monitor 5.1
    ibm operational decision manager 8.0
    ibm filenet content manager 5.2.0
    ibm operational decision manager 7.5
    ibm operational decision manager 8.5
    ibm tivoli composite application manager 7.3
    ibm tivoli provisioning manager 5.1
    ibm tivoli storage productivity center 5.1.1
    ibm websphere extreme scale 7.1
    ibm cognos business intelligence 10.2.1
    ibm smartcloud provisioning 2.1
    ibm smartcloud provisioning 2.1.0.1
    ibm security access manager 7.0
    ibm maximo asset management 7.1.1
    ibm filenet content manager 5.1.0
    ibm websphere portal 6.1.0
    ibm security appscan 8.7 -
    ibm security appscan 8.8 -
    ibm cognos express 10.2.1
    ibm messagesight 1.1
    ibm security key lifecycle manager 2.5
    ibm security access manager 8.0
    ibm api management 3.0
    ibm tivoli provisioning manager 7.1
    ibm tivoli provisioning manager 7.2
    ibm rational reporting 2.0
    ibm rational reporting 2.0.1
    ibm rational reporting 2.0.3
    ibm rational reporting 2.0.4
    ibm rational reporting 2.0.5
    ibm rational reporting 2.0.6
    ibm websphere portal 8.5
    ibm tivoli composite application manager 7.4
    ibm operational decision manager 7.1
    ibm db2 10.5
    ibm db2 10.5
    ibm db2 10.5
    ibm infosphere streams 3.2
    ibm infosphere streams 3.2.1
    ibm smartcloud provisioning 2.3
    ibm domino 8.5.3.6
    ibm domino 9.0.1
    ibm sterling secure proxy 2.4.2.0
    ibm domino 8.5
    ibm domino 9.0
    ibm tivoli endpoint manager *
    ibm i 6.1
    ibm i 7.1
    ibm i 7.2
    ibm cloud orchestrator 2.2
    ibm cloud orchestrator 2.2.0.1
    ibm cloud orchestrator 2.3
    ibm tivoli storage productivity center 5.2
    ibm tivoli storage productivity center 5.2.1
    ibm operational decision manager 7.0.2
    ibm operational decision manager 8.5.1
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.3.0
    ibm b2b advanced communications 1.0.0
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.1
    ibm security key lifecycle manager 1.0
    ibm security key lifecycle manager 2.0
    ibm security key lifecycle manager 2.0.1
    ibm smartcloud provisioning 2.1.0.2
    ibm smartcloud provisioning 2.1.0.3
    ibm tivoli application dependency discovery manager 7.2
    ibm tivoli application dependency discovery manager 7.2.1
    ibm tivoli application dependency discovery manager 7.2.2
    ibm api management 2.0.0.1
    ibm sdk 6.1
    ibm sdk 7.0
    ibm sdk 7.1
    ibm domino 8.5.1
    ibm domino 8.5.2
    ibm domino 8.5.3
    ibm domino 9.0.1.1
    ibm db2 10.1
    ibm db2 10.1
    ibm db2 10.1
    ibm tivoli network manager 3.9
    ibm tivoli application dependency discovery manager 7.1.2
    ibm tivoli storage productivity center 5.2.2
    ibm tivoli network manager 4.1
    ibm security appscan 8.0 -
    ibm security appscan 8.5 -
    ibm security appscan 8.6.0.0
    ibm security appscan 9.0
    ibm security appscan 9.0.1
    ibm quickfile 1.1.0.1
    ibm rational insight 1.1.1.2
    ibm rational insight 1.1.1.3
    ibm tivoli common reporting 2.1
    ibm tivoli common reporting 2.1.1
    ibm tivoli common reporting 3.1
    ibm tivoli common reporting 3.1.0.1
    ibm tivoli common reporting 3.1.0.2