Security Bulletin: A vulnerability in IBM Java SDK affects Rational Application Developer for WebSphere (CVE-2014-4263)

2020-02-0500:09:48

www.ibm.com

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

Summary

There is a vulnerability in IBM SDK Java Technology Edition, Versions 5, 6, and 7 that is used by Rational Application Developer for WebSphere. This issue was disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

Follow this link for more information (requires login with your IBM ID)
—|—

CVEID:CVE-2014-4263
**DESCRIPTION:**An unspecified vulnerability related to the Security component has partial
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID:CVE-2014-3068**
DESCRIPTION:*A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. . CVSS Base Score: 2.4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93756> for the current score CVSS Environmental Score: Undefined CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)

Affected Products and Versions

Rational Application Developer 9.1.0.1 and earlier.

Remediation/Fixes

Update the Java Development Kit of the product to address this vulnerability:

Product	VRMF	APAR	Remediation/First Fix
Rational Application Developer	7.0 through 9.1.0.1	PI23369

For all versions, apply IBM SDK Java Technology Edition Critical Patch Update - July 2014
Rational Agent Controller| 7.0 through to 9.1| PI23369|
Apply IBM Rational Agent Controller version 9.1.1
Rational Build Utility| 7.5 through to 9.1.0.1| PI23369|
For use on Windows or Linux: apply IBM SDK Java Technology Edition Critical Patch Update - July 2014
For use on System z:
- Version 7.5: Apply the latest Java 2 Technology Edition, V5 PTF.
- Version 8.0 and 8.5: Apply the latest Java Technology Edition, V6.0.0 PTF.
- Version 9.0 and 9.1: Apply the latest Java Technology Edition, V7.0.0.

|
|
|

Workarounds and Mitigations

None

CPENameOperatorVersion
rational application developer for websphere softwareeq7.0
rational application developer for websphere softwareeq7.0.0.1
rational application developer for websphere softwareeq7.0.0.10
rational application developer for websphere softwareeq7.0.0.2
rational application developer for websphere softwareeq7.0.0.3
rational application developer for websphere softwareeq7.0.0.4
rational application developer for websphere softwareeq7.0.0.5
rational application developer for websphere softwareeq7.0.0.6
rational application developer for websphere softwareeq7.0.0.7
rational application developer for websphere softwareeq7.0.0.8

Name	Operator	Version
rational application developer for websphere software	eq	7.0
rational application developer for websphere software	eq	7.0.0.1
rational application developer for websphere software	eq	7.0.0.10
rational application developer for websphere software	eq	7.0.0.2
rational application developer for websphere software	eq	7.0.0.3
rational application developer for websphere software	eq	7.0.0.4
rational application developer for websphere software	eq	7.0.0.5
rational application developer for websphere software	eq	7.0.0.6
rational application developer for websphere software	eq	7.0.0.7
rational application developer for websphere software	eq	7.0.0.8