Security Bulletin: A vulnerability in the IBM SDK Java™ Technology Edition affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-0453)

Summary

A vulnerability affecting both IBM InfoSphere Information Server and IBM InfoSphere Data Click has been identified in a security component. The vulnerability has partial confidentiality impact and partial integrity impact.

Vulnerability Details

CVE ID:CVE-2014-0453****

CVSS:
CVSS Base Score: 4.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92490 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

-- IBM InfoSphere Information Server versions 8.0, 8.1, 8.5, 8.7, 9.1 and 11.3 running on all platforms
-- IBM InfoSphere Data Click version 10.0 running on Linux

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 11.3| JR50275| --Follow instructions in the README
InfoSphere Data Click| 10.0| JR50275| Contact IBM customer support to obtain the fix.
InfoSphere Information Server| 9.1| JR50275| --Apply JR50275
InfoSphere Information Server| 8.7| JR50275| --Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2
--Apply JR50275
InfoSphere Information Server| 8.5| JR50275| --Apply IBM InfoSphere Information Server version 8.5 Fix Pack 3
--Apply JR50275
InfoSphere Information Server| 8.1| None| Contact IBM customer support.
InfoSphere Information Server| 8.0| None| Contact IBM customer support.

Note:
The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None known, apply fixes