CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / Open JDK Version 17, OpenJ9 used by DevOps Test UI (Test UI). RFT/Test UI has addressed the applicable CVEs.
CVEID:CVE-2024-21131
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2024-21144
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2024-21145
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298467 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Rational Functional Tester (RFT) | RFT 10.0 - 10.0.2.1 |
Rational Functional Tester (RFT) | RFT 10.1 - 10.1.3 |
Rational Functional Tester (RFT) | RFT 10.2 - 10.2.3 |
Rational Functional Tester (RFT) | RFT 10.5 - 10.5.4 |
DevOps Test UI (Test UI) | Test UI 11.0 - 11.0.2 |
Product | Version | APAR | Operating System | Remediation/ Fix |
---|---|---|---|---|
RFT | ||||
Test UI | 10.0 to 10.5.4 | |||
11.0.0 and 11.0.1 | None | Windows 32 bit | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u422-b05_openj9-0.46.0/ibm-semeru-open-jdk_x86-32_windows_8u422b05_openj9-0.46.0.zip> | |
Windows 64 bit | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u422-b05_openj9-0.46.0/ibm-semeru-open-jdk_x64_windows_8u422b05_openj9-0.46.0.zip> | |||
Linux | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u422-b05_openj9-0.46.0/ibm-semeru-open-jdk_x64_linux_8u422b05_openj9-0.46.0.tar.gz> | |||
Mac OS | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u422-b05_openj9-0.46.0/ibm-semeru-open-jdk_x64_mac_8u422b05_openj9-0.46.0.tar.gz> |
Download the correct version of JDK for your platform to manually replace the JDK.
Note: Please take a backup of the existing _${RFTinstallLocation}/_jdk folder.
Download the correct version of JRE for your platform to manually replace the JRE.
Note: Please take a backup of the existing _${TestUIinstallLocation}/_jre17/jre folder.
Download the correct version of JDK for your platform to manually replace the JDK.
Note: Please take a backup of the existing _${TestUIinstallLocation}/_jdk folder.
Additional steps for Mac OS:
For Rational Functional Tester 10.5.4 and earlier releases, DevOps Test UI 11.0.0 and 11.0.1 releases, run the following commands:
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jspawnhelper
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/*.dylib
rm -f ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
ln -s ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jli/libjli.dylib ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
For DevOps Test UI 11.0.0 and 11.0.1 releases, run the following additional commands:
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/bin
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jspawnhelper
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/*.dylib
rm -f ${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib
ln -s ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jli/libjli.dylib ${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib
For DevOps Test UI 11.0.2 and later releases, run the following commands:
chmod -R +x ${TestUIinstallLocation}/jdk/Contents/Home/bin
chmod -R +x ${TestUIinstallLocation}/jdk/Contents/Home/lib/jspawnhelper
chmod -R +x ${TestUIinstallLocation}/jdk/Contents/Home/lib/*.dylib
rm -f ${TestUIinstallLocation}/jdk/Contents/MacOS/libjli.dylib
ln -s ${TestUIinstallLocation}/jdk/Contents/Home/lib/libjli.dylib ${TestUIinstallLocation}/jdk/Contents/MacOS/libjli.dylib
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | devops_deploy | 10.0 | cpe:2.3:a:ibm:devops_deploy:10.0:*:*:*:*:*:*:* |
ibm | devops_deploy | 11.0 | cpe:2.3:a:ibm:devops_deploy:11.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High