Cisco Bug: CSCuq38322 - PCA: Numerous JDK Vulnerabilities

Last Modified

Aug 11, 2015

Products (1)

  • Cisco Prime Collaboration

Known Affected Releases

10.5(1)

Description (partial)

Symptoms:
Cisco Prime Collaboration Assurance contains a version of Oracle Java that is affected by the following Common
Vulnerabilities and Exposures (CVE) IDs:

CVE-2013-6629: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent:
AWT). Supported versions that are affected are Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 and Java
SE Embedded 7u51. Easily exploitable vulnerability allows successful unauthenticated network attacks via
multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset
of Java SE, Java SE Embedded accessible data. This has been classified by the vendor as having a CVSSv2 Base
Score of 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N).

CVE-2013-6954: Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE
(subcomponent: AWT). Supported versions that are affected are Java SE 6u71, Java SE 7u51, Java SE 8, JRockit
R28.3.1 and Java SE Embedded 7u51. Easily exploitable vulnerability allows successful unauthenticated network
attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to
cause a partial denial of service (partial DOS) of Java SE, JRockit, Java SE Embedded. This has been
classified by the vendor as having a CVSSv2 Base Score of 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P).

CVE-2014-0429: Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE
(subcomponent: 2D). Supported versions that are affected are Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java
SE 8, JRockit R27.8.1, JRockit R28.3.1 and Java SE Embedded 7u51. Easily exploitable vulnerability allows
successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can
result in unauthorized Operating System takeover including arbitrary code execution. This has been classified
by the vendor as having a CVSSv2 Base Score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).

CVE-2014-0453: Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE
(subcomponent: Security). Supported versions that are affected are Java SE 5.0u61, Java SE 6u71, Java SE 7u51,
Java SE 8, JRockit R27.8.1, JRockit R28.3.1 and Java SE Embedded 7u51. Very difficult to exploit vulnerability
allows successful unauthenticated network attacks via multiple protocols. Successful attack of this
vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE
Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible
data. This has been classified by the vendor as having a CVSSv2 Base Score of 4.0
(AV:N/AC:H/Au:N/C:P/I:P/A:N).

CVE-2014-0457: Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE
(subcomponent: Libraries). Supported versions that are affected are Java SE 5.0u61, Java SE 6u71, Java SE
7u51, Java SE 8, JRockit R27.8.1, JRockit R28.3.1 and Java SE Embedded 7u51. Easily exploitable vulnerability
allows successful unauthenticated network attacks via multiple protocols. Successful attack of this
vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. This
has been classified by the vendor as having a CVSSv2 Base Score of 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).

CVE-2014-0460: Vulnerability in the Java SE, JRockit, Java SE Embedded component of Oracle Java SE
(subcomponent: JNDI). Supported versions that are affected are Java SE 5.0u61, Java SE 6u71, Java SE 7u51,
Java SE 8, JRockit R27.8.1, JRockit R28.3.1 and Java SE Embedded 7u51. Difficult to exploit vulnerability
allows successful unauthenticated network attacks via multiple protocols. Successful attack of this
vulnerability can result in unauthorized update, insert or delete access to some Java SE, JRockit, Java SE
Embedded accessible data as well as read access to a subset of Java SE, JRockit, Java SE Embedded accessible
data. This has been classified by the vendor as having a CVSSv2 Base Score of 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N).

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of this software prior to the Known Fixed Releases.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
