Summary
An unspecified vulnerability in Java SE related to the Kerberos component.
Vulnerability Details
CVEID:CVE-2019-2949
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169254 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Products and Versions
Affected Product(s) |
Version(s) |
DataQuant for z/OS |
2.1 |
DataQuant for Multiplatforms |
2.1 |
Remediation/Fixes
Steps to update JRE - DataQuant:
- Close DataQuant.
- Download JRE (ibm-java-jre-80-win-i386) and extract the files to a temporary location.
- Replace jre folder at the install directory location –> “C:\Program Files (x86)\IBM\IBM DataQuant\DataQuant for Workstation”. Replace with contents in step # 2.
- Download eclipse oxygen from <https://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/oxygen/3a/eclipse-jee-oxygen-3a-win32-x86_64.zip>
- Extract the eclipse oxygen and copy the plugin - org.apache.jasper.glassfish_2.2.2.v201501141630.jar from eclipse-jee-oxygen-3a-win32-x86_64\eclipse\plugins
- Copy org.apache.jasper.glassfish_2.2.2.v201501141630.jar in the folder where DataQuant is installed - C:\Program Files (x86)\IBM\IBM DataQuant\DataQuant for Workstation\plugins
- Delete the older plugin org.apache.jasper.glassfish_2.2.2.v201205150955.jar from the DataQuant install directory
Workarounds and Mitigations
None