Security Bulletin: Security vulnerability in current IBM SDK for Java for WebSphere Application Server Community Edition 3.0.0.4 Jan 2014 CPU (CVE-2014-0411)

Summary

Security vulnerability exists in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Community Edition 3.0.0.4.

Vulnerability Details

CVE ID: CVE-2014-0411

DESCRIPTION: The vulnerability can be exploited over the ‘SSL/TLS’ protocol. This issue affects the ‘JSSE’ sub-component.

CVSS:

CVSS Base Score: 4

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357&gt; for the current score

CVSS Environmental Score:* Undefined

CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)

Affected Products and Versions

WebSphere Application Server Community Edition 3.0.0.4

Workarounds and Mitigations

Upgrade your SDK to an interim fix level as determined below:

IBM SDK 6.0:

Please upgrade your SDK to IBM SDK 6 SR15-FP1 or IBM SDK 6.0.1 SR7-FP1

IBM SDK 7.0:

Please upgrade your SDK to IBM SDK 7 SR6-FP1 or IBM SDK 7R1.

Kindly remind the client who uses Oracle SDK.

Oracle SDK 1.6:

Please upgrade your SDK to Oracle SDK 1.6.0_71.

Oracle SDK 1.7:

Please upgrade your SDK to Oracle SDK 1.7.0_51.