Security Bulletin: : Multiple vulnerabilities in IBM Java SDK affect Identity Insight 8.0 and 8.1 (CVE-2014-4263) and (CVE-2014-4244)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Identity Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Identity Insight 8.0 and 8.1

Remediation/Fixes

<Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
Identity Insight| 8.0.0
8.1.0|
| From the WebSphere__ Security Bulletin____. __

_Apply Interim Fix PI20799: Will upgrade you to IBM Java SDK Version 6 Service Refresh 16 Fix Pack 1 _

--OR–

Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014).

Workarounds and Mitigations

None