IBM45B8083C191232F81D36077A9DB997569CBCDF51915A12038301F1630F4EE215Security Bulletin: A vulnerability in IBM Java SDK affects Rational Insight (CVE-2016-3427)
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. The issue was disclosed as part of the IBM Java SDK updates in April 2016.
Vulnerability Details
CVEID: CVE-2016-3427** *DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Affected Products and Versions
Principal Product and Version(s)
| Affected Supporting Product(s) and Version(s)
—|—
Rational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1
Rational Insight 1.1.1.3| Cognos BI 10.2.1
Rational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2
Jazz Reporting Service 5.0, 5.0.1 and 5.0.2
Rational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2
Jazz Reporting Service 6.0
Remediation/Fixes
Apply the recommended fixes to all affected versions of Rational Insight.
Rational Insight 1.1
- Download the IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509).
Review technote 1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1 for detailed instructions.
Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2
- Download the IBM Cognos Business Intelligence 10.1.1 Interim Fix 19 (Implemented by file 10.1.6306.509).
Read technote 1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x for the detailed instructions for patch application.
- Download the IBM Cognos Business Intelligence 10.2.1 Interim Fix 17 (Implemented by file 10.2.5000.528).
Review technote 1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x for the detailed instructions for patch application.
Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7
-
If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first.
Review the topics in Security Bulletin: A security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-3427) for addressing the listed vulnerability in the underlying Jazz Team Server. -
If the Cognos-based reporting server is used, also perform this step.
Download the IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 16 (Implemented by file 10.2.5010.512).
Review technote 1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x for the detailed instructions for patch application.
Related
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C