5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There are multiple vulnerabilities in the current releases of IBM® SDK Java™ Technology Edition that is used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates for October 2015.
CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-4734**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the JGSS component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-5006**
DESCRIPTION:** IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106309 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
All versions of Rational Functional Tester from 8.2.0.0 through 8.6.0.6
Vendor Fixes:
Product | Version | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.2.0.0 - 8.2.0.x | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.2.1.0 - 8.2.1.x | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.2.2.1 | None | Download the IBM SDK, Java Technology Edition, Version 7 64-bit Service Refresh 16 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.3.0 - 8.3.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 iFix from the Fix Central and apply it. |
RFT | 8.5.0 - 8.5.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 iFix from the Fix Central and apply it. |
RFT | 8.5.1 - 8.5.1.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 iFix from the Fix Central and apply it. |
RFT | 8.6.0 - 8.6.0.6 | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 20 iFix from the Fix Central and apply it. |
Note:
None