Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects Rational Directory Server (CVE-2014-6457, CVE-2014-6593)

Summary

There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Server. These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.

Vulnerability Details

CVEID: CVE-2014-6457

Description: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-6593

Description: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Product

| Version
—|—
Rational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix004
Rational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix005
Rational Directory Administrator| 6.0 - 6.0.0.1_iFix01

Remediation/Fixes

Workarounds and Mitigations

None