10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 7.0 Service Release 1 or earlier, and non-IBM Java 7.0 or earlier, that can affect the security of Rational Functional Tester. Fixes are available in IBM JRE 7.0 Service Release 3 and in the latest Java 7.0 patches.
| Subscribe to My Notifications to be notified of important product support alerts like this.
**CVE IDs:**CVE-2012-3159, CVE-2012-3216, CVE-2012-5070, CVE-2012-5067, CVE-2012-3143, CVE-2012-5076, CVE-2012-5077, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5087, CVE-2012-5086, CVE-2012-5079, CVE-2012-5088, CVE-2012-5089
Description: Vulnerabilities exist in the following JREs that can impact the security of Rational Functional Tester:
Fixes are available in IBM JRE 7.0 Service Release 3 (shipped with Rational Functional Tester version 8.3.0.1) and in the latest Java 7.0 patches.
CVEID:CVE-2012-3159
Description: Remote attackers could affect confidentiality and integrity through unknown vectors related to Deployment.
CVSS Base Score 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79424>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Description: Remote attackers could affect confidentiality through unknown vectors related to File.
CVSS Base Score 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79436>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Description: Remote attackers could affect confidentiality, integrity, and availability through unknown vectors related to Hotspot.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79430>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description: Remote attackers could affect confidentiality through unknown vectors related to Library.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79429>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to JMX.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79419>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Description: A number of internal com.sun packages which should be restricted are not.
CVSS Base Score 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79418>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Description: An undisclosed vulnerability exists in a portion of the JRE related to Security.
CVSS Base Score 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79437>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID:CVE-2012-5073
Description: Parts of the java.util.logging API do not check access permissions correctly.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79432>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Description: A number of internal com.sun packages which should be restricted are not.
CVSS Base Score 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79426>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Description: Remote attackers could affect confidentiality through unknown vectors related to RMI.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79431>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Swing.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79412>
CVSS Environmental Score undefined
CVSS Vector ((AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-5072
Description: Under certain circumstances the java.security.AccessController.doPrivilegedWithCombiner() method does not work correctly. This potentially allows malicious code to elevate its privileges.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79434>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description: An attacker can induce a crash by injecting a maliciously crafted font file which contains invalid data.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79413>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-5081
Description: Remote attackers could affect accessibility through unknown vectors related to Network.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2012-1532
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Web Start.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79417>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-1533
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Web Start. This is different from CVE-2012-1532.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79416>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:**CVE-2012-**5069
Description: Remote attackers could affect confidentiality and integrity through unknown vectors related to ClassLoader.
CVSS Base Score 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79428>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVEID:**CVE-2012-**5071
Description: Part of the javax.management (JMX) API incorrectly allows access to sun.* classes, which should be restricted.
CVSS Base Score 6.4
CVSS Temporal Score: See** **<https://exchange.xforce.ibmcloud.com/vulnerabilities/79427>
CVSS Environmental Score undefined
CVSS Vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVEID:**CVE-2012-**5084
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Swing. This is different from CVE-2012-5083.
CVSS Base Score 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79423>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-508****7
Description: The class com.sun.beans.decoder.PropertyElementHandler does not check permissions correctly. This potentially allows malicious code to access restricted classes.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79415>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-5086
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Beans.
CVSS Base Score 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79414>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:**CVE-2012-**5079
Description: Remote attackers could affect integrity through unknown vectors related to Service.
CVSS Base Score 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79433>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2012-5088
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to Reflection.
CVSS Base Score 10
CVSS Temporal Score: See<https://exchange.xforce.ibmcloud.com/vulnerabilities/79420>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:CVE-2012-5089
Description: Remote attackers could affect confidentiality, integrity, and accessibility through unknown vectors related to RMI.
CVSS Base Score 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79422>
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)
IBM JRE 7.0 Service Release 2 or earlier, shipped with Rational Functional Tester and non-IBM Java 7.0
Upgrade to Rational Functional Tester Fix Pack 1 (8.3.0.1) for 8.3.
If you intend to use IBM Rational Functional Tester with a non-IBM Java 7.0, ensure that you upgrade to the latest Java 7.0 patches to fix the vulnerability security issues.
None