IBM17F2DE1F272EBF8E1F0E16B3A3D0C121D7F53002360A33B2E318E8910C665E9DSecurity Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
Summary
Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to execute plaintext-recovery attacks.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVE ID: CVE-2013-0169 **
Description: **Unspecified vulnerability in IBM Java Runtime Environment may allow remote attackers to conduct distinguishing attacks and plaintext-recovery via statistical analysis of timing data for crafted packets.
Note that despite the public disclosure, the issue is largely theoretical and very difficult to exploit in real world scenarios.
_
_CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902>[](<https://exchange.xforce.ibmcloud.com/vulnerabilities/81902>) for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Rational Automation Framework 3.0.1 and earlier on all supported platforms.
Remediation/Fixes
Upgrade to Rational Automation Framework Fix Pack 1 (3.0.1.1) for 3.0.1
Workarounds and Mitigations
None
Related
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N