CVSS2 Base Score: 4 (Medium)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
IBM Sterling Connect:Direct Browser is shipped with IBM Runtime Environment, Java™ Technology Edition (the “IBM RE”), that is based on an Oracle Java Runtime Environment (JRE). Oracle has released the January 2014 critical patch updates (CPU) that contain security vulnerability fixes for the JRE. The IBM RE has been updated to incorporate these fixes and security fixes that are specific to the IBM RE. IBM Sterling Connect:Direct Browser is affected by one of the vulnerabilities in the CPU, and the IBM RE shipped with IBM Sterling Connect:Direct Browser has been updated to remediate the vulnerability.
CVE ID: CVE-2014-0411
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
IBM Sterling Connect:Direct Browser 1.5.0 through 1.5.0.2 iFix05
IBM Sterling Connect:Direct Browser 1.4.0 through 1.4.11 iFix03
The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.
Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
iFix 6 | 1.5.0.2 | N/A | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Connect+Direct+Browser&release=1.5.0.2&platform=All&function=all |
iFix4 | 1.4.11 | N/A | https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US |
None
CPE Name | Operator | Version |
---|---|---|
ibm sterling connect:direct | eq | 1.5 |
ibm sterling connect:direct | eq | 1.4 |