CVSS2 score: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Multiple vulnerabilities exist in IBM SDKs Java Technology Edition and IBM Runtime Environment Java Technology Edition that are used by Rational Functional Tester (RFT). These issues were disclosed as part of the IBM Java SDK updates in July 2014.
CVEID: CVE-2014-3086
Description: A vulnerability in the IBM implementation of the Java Virtual Machine may, under very limited circumstances, allow untrusted code running under a security manager to escalate its privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94097> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products and versions: Rational Functional Tester version 8.2.2 and later
Vendor Fixes:
Product | Version | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.6.0 | None | Apply the iFix on RFT 8.6 which ships with IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 iFix. |
RFT | 8.5.1 - 8.5.1.x | None | Upgrade to RFT 8.5.1.3 (the last fixpack version on 8.5.1) which ships with IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 iFix and apply the iFix. |
RFT | 8.5.0 - 8.5.0.x | None | Upgrade to RFT 8.5.0.1 (the last fixpack version on 8.5.0) which ships with IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 iFix and apply the iFix. |
RFT | 8.3 - 8.3.0.x | None | Upgrade to RFT 8.3.0.2 (the last fixpack version on 8.3.0) which ships with IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 iFix and apply the iFix. |
RFT | 8.2.2 - 8.2.2.x | None | Upgrade to RFT 8.2.2.1 (the last fixpack version on 8.2.2) which ships with IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 1 iFix and apply the iFix. |
Until fixes are applied, ensure RFT is not accessible from the Internet.