Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-4244, CVE-2014-4263)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Cognos TM1 10.1.1.2
IBM Cognos TM1 10.2.0.2
IBM Cognos TM1 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as practical.

IBM Cognos TM1 10.1.1.2 Interim Fix 2
<http://www-01.ibm.com/support/docview.wss?uid=swg24038887&gt;

IBM Cognos TM1 10.2.0.2 Interim Fix 2
<http://www-01.ibm.com/support/docview.wss?uid=swg24038927&gt;

IBM Cognos TM1 10.2.2 Fix Pack 2
<http://www-01.ibm.com/support/docview.wss?uid=swg24038876&gt;

Workarounds and Mitigations

None