Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2018.

Vulnerability Details

CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2018-2790 DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Rational Application Developer 9.0- 9.0.1.2

Rational Application Developer 9.1 - 9.1.1.2

Rational Application Developer 9.5 - 9.5.0.3

Rational Application Developer 9.6 - 9.6.1.1

Remediation/Fixes

Update the IBM SDK, Java Technology Edition of the product to address this vulnerability:

Product

| VRMF |APAR|Remediation/First Fix
—|—|—|—
Rational Application Developer | 9.5 through 9.6 |

PH00568

|

• For all versions, IBM SDK Technology Edition Critical Patch Update
  Rational Application Developer | 9.0 through 9.1 |

PH00568

|

• For all versions, IBM SDK Technology Edition Critical Patch Update

Workarounds and Mitigations

No known workarounds.