Lucene search

K
ibmIBM14A4DBFF7848D6F616B311EFF6A45FB798F1EFB4CAE8AF660F608507022BE82F
HistoryJun 17, 2018 - 4:55 a.m.

Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology Edition bundled product shipped with Rational Asset Manager (CVE-2014-2421, CVE-2014-1876)

2018-06-1704:55:08
www.ibm.com
20

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

IBM SDK, Java Technology Edition is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in a security bulletin.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVEID: CVE-2014-2421** **
Description: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92462&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1876** **
Description: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and partial availability impact.

CVSS Base Score: 2.6 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92492&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:P)

Affected Products and Versions

Product and Version(s)

| Product and Version shipped as a component
—|—
IBM Rational Asset Manager 7.5.2, 7.5.1, 7.5, 7.2| IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 Fix Pack 1 and earlier

Remediation/Fixes

This

RAM Embeded WAS? WAS 6.1 WAS 7.0 WAS 8.0 WAS 8.5
7.2 Yes 6.1.0.25 for stand-alone WAS
6.1 with ISC for embeded WAS N/A N/A N/A
7.5 Yes 6.1.0.31 for stand-alone WAS
6.1 with ISC, (6.1.0.35 and future fix) for embeded WAS 7.0.0.11 for stand-alone WAS
7.0.0.13 and future fix packs for embeded WAS N/A N/A
7.5.1 Yes N/A 7.0.0.25 for stand-alone WAS
7.0.0.17 and future fix packs for embeded WAS 8.0.0.4 and future fix packs for stand-alone WAS N/A
7.5.2 No N/A 7.0.0.27 8.0.0.6 8.5.0.2

Workarounds and Mitigations

None

CPENameOperatorVersion
rational asset managereq7.5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C