History: Oct 27, 2020 - 4:05 p.m.

Security Bulletin: Open Source Apache Batik vulnerability affects Rational Developer for System z (CVE-2015-0250)

2020-10-27 16:05:52
www.ibm.com

EPSS: 0.043 (Low), Percentile: 92.3%

Summary

Rational Developer for System z is affected by the open source Apache Batik vulnerability and has addressed the applicable CVEs.

Vulnerability Details


CVEID: CVE-2015-0250
DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive information. By persuading a victim to open a specially-crafted SVG file, an attacker could exploit this vulnerability to reveal files and obtain sensitive information.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101614 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Principal Product and Version(s)


  • Rational Developer for System z, versions 8.5.1.6 and earlier
  • Rational Developer for System z, versions 9.0.1.4 and earlier
  • Rational Developer for System z, versions 9.1.1.1 and earlier

Remediation/Fixes

IBM has provided patches for all affected versions.

Follow the installation instructions in the README files included with the patch.

The fix can be obtained at the following locations: