Lucene search

IBM3EC35937FBE25CBE3B9291D15ED3CA7580FD5C3579B3D7BB94CBC9DB59FA77BD

HistorySep 12, 2023 - 5:48 a.m.

Security Bulletin: Vulnerability in Open JDK affecting Rational Functional Tester

2023-09-1205:48:09

www.ibm.com

open jdk

rational functional tester

vulnerability

java se

rft 10.0

rft 10.1

rft 10.2

rft 10.5

windows

linux

mac os

download

manual replacement

mac os commands

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

28.0%

JSON

Summary

There is vulnerability in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT). RFT has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Rational Functional Tester (RFT)	RFT 10.0
Rational Functional Tester (RFT)	RFT 10.1
Rational Functional Tester (RFT)	RFT 10.2
Rational Functional Tester (RFT)	RFT 10.5

Remediation/Fixes

Product	Version	APAR	Operating System	Remediation/ Fix
RFT	10.0 to 10.5.3	None	Windows 32 bit	<https://github.com/AdoptOpenJDK/semeru8-binaries/releases/download/jdk8u382-b05_openj9-0.40.0/ibm-semeru-open-jdk_x86-32_windows_8u382b05_openj9-0.40.0.zip>
Windows 64 bit	<https://github.com/AdoptOpenJDK/semeru8-binaries/releases/download/jdk8u382-b05_openj9-0.40.0/ibm-semeru-open-jdk_x64_windows_8u382b05_openj9-0.40.0.zip>
Linux	<https://github.com/AdoptOpenJDK/semeru8-binaries/releases/download/jdk8u382-b05_openj9-0.40.0/ibm-semeru-open-jdk_x64_linux_8u382b05_openj9-0.40.0.tar.gz>
Mac OS	<https://github.com/AdoptOpenJDK/semeru8-binaries/releases/download/jdk8u382-b05_openj9-0.40.0/ibm-semeru-open-jdk_x64_mac_8u382b05_openj9-0.40.0.tar.gz>

Download the JDK appropriate for your platform in order to manually replace the JDK.
Note: Please take backup of existing _${RFTinstallLocation}/_jdk folder.

Additional steps for Mac OS:

Run below commands

chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jspawnhelper
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/*.dylib
rm -f ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
ln -s ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jli/libjli.dylib ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrational_functional_testerMatch10.0

ibmrational_functional_testerMatch10.5.3

VendorProductVersionCPE
ibmrational_functional_tester10.0cpe:2.3:a:ibm:rational_functional_tester:10.0:*:*:*:*:*:*:*
ibmrational_functional_tester10.5.3cpe:2.3:a:ibm:rational_functional_tester:10.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_functional_tester	10.0	cpe:2.3:a:ibm:rational_functional_tester:10.0:::::::*
ibm	rational_functional_tester	10.5.3	cpe:2.3:a:ibm:rational_functional_tester:10.5.3:::::::*