History: Jun 17, 2018 - 5:06 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)

2018-06-17 05:06:46
www.ibm.com
10

EPSS: 0.008
Percentile: 81.6%

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7, which is used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in July 2015.

Vulnerability Details

CVEID: CVE-2015-2601
DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-2625
DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-1931
DESCRIPTION: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Rational Service Tester versions 8.2.*, 8.3.*, 8.5.*, 8.6.*, 8.7.0.*.

Remediation/Fixes

It is strongly recommended to upgrade to Rational Service Tester version 8.7.1.

| Product | VRMF | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| RST | 8.7 | None | [Download](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FRational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=All&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR9FP10&includeSupersedes=0&source=fc) |
| RST | 8.6 - 8.6.x | None | [Download](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FRational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=All&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR9FP10&includeSupersedes=0&source=fc) |
| RST | 8.5 - 8.5.x | None | [Download](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FRational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=All&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR9FP10&includeSupersedes=0&source=fc) |
| RST | 8.3 - 8.3.x | None | [Download](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FRational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=All&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR9FP10&includeSupersedes=0&source=fc) |
| RST | 8.2 - 821.x | None | [Download](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%2FRational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=All&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR9FP10&includeSupersedes=0&source=fc) |

Workarounds and Mitigations

None.
