Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6A453F99934A8B70D5862FB9ABD13B8CDB97B6A060D59275B2741479656E692A
HistoryJun 17, 2018 - 4:52 a.m.

Security Bulletin: Rational Insight - Oracle CPU October 2013 (CVE-2013-5802, CVE-2013-5825)

2018-06-1704:52:00
www.ibm.com
12

EPSS

0.1

Percentile

94.9%

JSON

Summary

Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight. The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS).

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    โ€”|โ€”

The IBM JRE installed with Rational Insight is based on the Oracle JRE and the IBM Java SDK installed with WAS is based on the Oracle JDK. Oracle has released Critical Patch Updates (CPU) October 2013 which contain security vulnerability fixes and the IBM JRE and Java SDK have been updated to incorporate those updates.

See <http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html&gt; for the list of security vulnerabilities fixed by the Oracle CPU October 2013.

Note: WAS itself is not vulnerable to all the advisories. However, Rational Insight is vulnerable to the following two advisories:

CVE ID: CVE-2013-5802

**Description:**Unspecified vulnerability in the Java Runtime Environment (JRE) component. A malicious user is able to exploit vulnerabilities in the JAXP component to affect confidentiality, integrity and availability of the Rational Insight report server

CVSS Base Score: 7.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87982&gt;[](&lt;https://exchange.xforce.ibmcloud.com/vulnerabilities/85044&gt;) for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

CVE ID: CVE-2013-5825

**Description:**Unspecified vulnerability in the Java Runtime Environment (JRE) component. A malicious user is able to exploit vulnerabilities in the JAXP component to affect the availability of the Rational Insight report server.

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87988&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

Affected Products and Versions

Rational Insight 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2 and 1.1.1.3

Remediation/Fixes

The recommended solution is to apply the recommended fixes to all affected versions of Rational Insight as soon as practical.

Rational Insight 1.0.1, 1.0.1 iFix1 and 1.0.1.1

  1. Download and install the Cognos 8 Business Intelligence 8.4.1 Interim Fix 4 for Security Exposure.
    Read technote 1664606: Install Cognos 8 Business Intelligence 8.4.1 Interim Fix 4 for Security Exposure to resolve security vulnerabilities in RRDI 1.0.2.x and Rational Insight 1.0.1.x - Oracle CPU October 2013 for instructions.

  2. Upgrade your WAS Java SDK to IBM Java 6 SR15, IBM Java 6.0.1 SR7 or IBM Java 7 SR6. Read technote 1664395: Upgrade the WebSphere Application Server Java SDK to resolve security vulnerabilities in Rational Reporting for Development Intelligence and Rational Insight - Oracle CPU October 2013 for detailed instructions.

Rational Insight 1.1

  1. Download and install the Cognos Business Intelligence 10.1.1 Interim Fix 5. Read technote 1664618: Install Cognos Business Intelligence 10.1.1 Interim Fix 5 to resolve security vulnerabilities in Rational Insight 1.1 - Oracle CPU October 2013 for detailed instructions.

  2. Upgrade your WAS Java SDK to IBM Java 6 SR15, IBM Java 6.0.1 SR7 or IBM Java 7 SR6. Read technote 1664395: Upgrade the WebSphere Application Server Java SDK to resolve security vulnerabilities in Rational Reporting for Development Intelligence and Rational Insight - Oracle CPU October 2013 for detailed instructions.

Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2

  1. Download and install the Cognos Business Intelligence 10.1.1 Interim Fix 5. Read technote 1664614: Install Cognos Business Intelligence 10.1.1 Interim Fix 5 to resolve security vulnerabilities in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x - Oracle CPU October 2013 for the detailed instructions.

  2. Upgrade your WAS Java SDK to IBM Java 6 SR15, IBM Java 6.0.1 SR7 or IBM Java 7 SR6. Read technote 1664395: Upgrade the WebSphere Application Server Java SDK to resolve security vulnerabilities in Rational Reporting for Development Intelligence and Rational Insight - Oracle CPU October 2013 for the detailed instructions.

  3. Download and install the RRDI 2.0.x JRE Patch. Read technote 1664393: Install the RRDI 2.0.x JRE Patch to resolve security vulnerabilities in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x - Oracle CPU October 2013 for the detailed instructions.

Rational Insight 1.1.1.3

  1. Download and install the Cognos Business Intelligence 10.2.1 Interim Fix 4. Read technote 1664630: Install Cognos Business Intelligence 10.2.1 Interim Fix 4 to resolve security vulnerabilities in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x - Oracle CPU October 2013 for the detailed instructions.

  2. Upgrade your WAS Java SDK to IBM Java 6 SR15, IBM Java 6.0.1 SR7 or IBM Java 7 SR6. Read technote 1664395: Upgrade the WebSphere Application Server Java SDK to resolve security vulnerabilities in Rational Reporting for Development Intelligence and Rational Insight - Oracle CPU October 2013 for the detailed instructions.

  3. Download and install the RRDI 2.0.x JRE Patch. Read technote 1664393: Install the RRDI 2.0.x JRE Patch to resolve security vulnerabilities in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x - Oracle CPU October 2013 for the detailed instructions.

Workarounds and Mitigations

None

Related

ibm 23
f5 4
cve 2
veracode 18
prion 2
cvelist 2
nvd 2
ubuntucve 2
openvas 30
nessus 41
redhat 9
mageia 2
oraclelinux 3
centos 3
amazon 2
ubuntu 2
suse 5
aix 1
kaspersky 1
securityvulns 1
oracle 1
gentoo 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server Community 3.0.0.4 October 2013 CPU (CVE-2013-5802,CVE-2013-5825)
2018-06-15 06:59:08
Security Bulletin: Multiple security exposures in IBM Cognos Express (CVE-2013-5802, CVE-2013-5825)
2022-11-10 12:06:25
Security Bulletin: Multiple Vulnerabilities in current IBM SDK for Java for IBM Rational ClearQuest Web Client (CVE-2013-5802 and CVE-2013-5825)
2018-06-17 04:50:48
f5
f5
SOL53316849 - Java vulnerability CVE-2013-5802
2016-05-24 00:00:00
K53316849 : Java vulnerability CVE-2013-5802
2016-05-24 00:00:00
SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-09 00:00:00
cve
cve
CVE-2013-5825
2013-10-16 17:55:05
CVE-2013-5802
2013-10-16 17:55:05
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:54:23
Denial Of Service (DoS)
2019-05-02 04:54:23
Sandbox Restrictions Bypass
2019-05-02 04:58:34
prion
prion
Design/Logic Flaw
2013-10-16 17:55:00
Design/Logic Flaw
2013-10-16 17:55:00
cvelist
cvelist
CVE-2013-5825
2013-10-16 17:31:00
CVE-2013-5802
2013-10-16 17:31:00
nvd
nvd
CVE-2013-5825
2013-10-16 17:55:05
CVE-2013-5802
2013-10-16 17:55:05
ubuntucve
ubuntucve
CVE-2013-5802
2013-10-16 00:00:00
CVE-2013-5825
2013-10-16 00:00:00
openvas
openvas
F5 BIG-IP - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-13 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2013) - Windows
2013-10-25 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01
2013-11-08 00:00:00
nessus
nessus
F5 Networks BIG-IP : Java vulnerabilities (K48802597)
2016-06-10 00:00:00
Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)
2014-08-22 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)
2013-11-14 00:00:00
redhat
redhat
(RHSA-2013:1509) Important: java-1.5.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1505) Important: java-1.6.0-openjdk security update
2013-11-05 00:00:00
(RHSA-2013:1447) Important: java-1.7.0-openjdk security update
2013-10-21 00:00:00
mageia
mageia
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
java-1.7.0-openjdk security update
2013-10-22 00:00:00
centos
centos
java security update
2013-11-05 20:45:16
java security update
2013-10-23 11:04:05
java security update
2013-10-22 07:41:01
amazon
amazon
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
suse
suse
Security update for OpenJDK 7 (important)
2013-11-13 15:04:17
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
aix
aix
Multiple Java vulnerabilities
2013-12-11 10:53:34
kaspersky
kaspersky
KLA10492 Multiple vulnerabilities in Oracle products
2013-10-16 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

EPSS

0.1

Percentile

94.9%

JSON
Related for 6A453F99934A8B70D5862FB9ABD13B8CDB97B6A060D59275B2741479656E692A
ibm23f54cve2veracode18prion2cvelist2nvd2ubuntucve2openvas30nessus41redhat9mageia2oraclelinux3centos3amazon2ubuntu2suse5aix1kaspersky1securityvulns1oracle1gentoo2