Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)

Summary

A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software.

Vulnerability Details

CVEID: CVE-2015-1835 **
DESCRIPTION:** The Apache Cordova could allow a remote attacker to execute arbitrary commands on the system. Applications built with the Cordova framework and lack explicit values set in config.xml can have undefined configuration variables set by Intent. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability to inject malicious content in applications and modify app characteristics including force-closing.

CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103448 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Affected Products and Versions

IBM Rational Application Developer for WebSphere Software 9.1 and 9.1.1

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
Rational Application Developer| 9.1 and 9.1.1| PI43799|

• Update the Android platform to 3.7.2 using the Node Packaged Modules software provided with the product:

1. Open a command terminal and navigate to <product installation directory>/cordova_cli/ (for Windows) or <product installation directory>/cordova_cli/bin/ (for Linux or MacOS)

2. Issue the following command to upgrade the Android platform to 3.7.2:

cordova platform update [email protected] --usenpm
3. Rebuild your application and redeploy to your users

|
|
|