Lucene search

IBM368CBA51B2BD334DED3AEF02F93D8E2C55F25EE9132836348C71D421CF78CEF0

HistoryNov 04, 2020 - 5:41 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester

2020-11-0417:41:37

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8** used by Rational Functional Tester (RFT) versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2020-2590
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174538 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-2601
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174548 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
RFT	9.2
RFT	9.1
RFT	9.5
RFT	8.6

Remediation/Fixes

Apply the correct fix pack or iFix for your version of the Rational Functional Tester :

Product	Version	APAR	Remediation/ Fix
RFT	8.6.0.7 - 8.6.0.10, 9.1 - 9.1.1.1, and 9.2 - 9.5	None	Download IBM SDK, Java Technology Edition, Version 8R0 Service Refresh 6 Fix Pack 15 iFix from the Fix Central and apply it.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm rational functional testereq8.6.0.7
ibm rational functional testereq9.5

CPE	Name	Operator	Version
	ibm rational functional tester	eq	8.6.0.7
	ibm rational functional tester	eq	9.5

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for 368CBA51B2BD334DED3AEF02F93D8E2C55F25EE9132836348C71D421CF78CEF0