Security Bulletin:Security vulnerability in current IBM SDK for Java for WebSphere Application Server Community Edition 3.0.0.4 July 2014 CPU (CVE-2014-4244)

Summary

A security vulnerability exists in the IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM WebSphere Application Server Community Edition 3.0.0.4.
This issue was disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVE ID:**CVE-2014-**4244

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS:

CVSS Base Score: 4

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605&gt; for the current score

CVSS Environmental Score:* Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

WebSphere Application Server Community Edition 3.0.0.4

Workarounds and Mitigations

If you use the IBM SDK for Java: upgrade your SDK to a level as noted below:

IBM SDK for Java 6.0:
Upgrade your SDK to IBM SDK, Java 2 Technology Edition, Version 6 Service Refresh 16 Fix Pack 1 or IBM SDK, Java 2 Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 1

IBM SDK for Java 7.0:
Upgrade your SDK to IBM SDK, Java 2 Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 or IBM SDK, Java 2 Technology Edition, Version 7R1 Service Refresh 1Fix Pack 1
If you use the Oracle SDK: upgrade your SDK to a level as noted below:

Oracle SDK 1.6:
Upgrade your SDK to Oracle SDK 1.6.0_81.

Oracle SDK 1.7:
Upgrade your SDK to Oracle SDK 1.7.0_65.