Sep 25, 2022 - 8:45 p.m.

Security Bulletin: Multiple vulnerabilities in IBM DB2 Performance Expert and IBM InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2012-1720, CVE-2012-5081).

www.ibm.com

EPSS: 0.022
Percentile: 89.7%

Abstract

DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE.

Content

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-1720

DESCRIPTION:
An unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability through unknown vectors related to Networking.

CVSS:
CVSS Base Score: 3.7
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/76250
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.1.1.1

This vulnerability affects these products only when running on Sun Solaris systems. All other supported platforms are unaffected.

REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

Affected VRMF|Fix VRMF|APAR|Download URL
---|---|---|---
4.1.0.1 through 4.1.1| 4.1.1.1| IC89834| http://www-933.ibm.com/support/fixcentral/
5.1 through 5.1.1.1| 5.1.1.1| IC89844| http://www-933.ibm.com/support/fixcentral/

For affected versions for which no fix is listed, contact IBM Software Support.

WORKAROUND(S):
None

MITIGATION(S):
None

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-5081

DESCRIPTION:
Unspecified vulnerability allows remote attackers to affect availability related to JSSE.

CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/79435
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.2

REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

Affected VRMF|Fix VRMF|APAR|Download URL
---|---|---|---
4.1.0.1 through 4.1.1| 4.1.1.1| IC89834| http://www-933.ibm.com/support/fixcentral/
5.1 through 5.1.1.1| 5.1.1.1| IC89844| http://www-933.ibm.com/support/fixcentral/
5.2| 5.2| IC89851| http://www-933.ibm.com/support/fixcentral/

For affected versions for which no fix is listed, contact IBM Software Support.

WORKAROUND(S):
None

MITIGATION(S):
None

REFERENCES:
CVSS Documentation (http://www.first.org/cvss)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
X-Force Vulnerability Database (https://exchange.xforce.ibmcloud.com/vulnerabilities/79435)
CVE-2012-5081 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)
X-Force Vulnerability Database (https://exchange.xforce.ibmcloud.com/vulnerabilities/76250)
CVE-2012-1720 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)

RELATED INFORMATION:
IBM Secure Engineering Web Portal (http://www-03.ibm.com/security/secure-engineering/)

IBM Product Security Incident Response Blog (https://www.ibm.com/blogs/psirt)

CHANGE HISTORY:
02/25/2013 Original Copy Published
