ibmIBM94CC6F9C5A55406BC517B75C79727E37715B0394EA0A995960BB7C92646D7021
History: Feb 23, 2022 - 5:02 p.m.

Security Bulletin: CVSS5 TLS Issue Disclosed in the Summary Advisory for the Oracle October 2012 CPU (CVE-2012-5081)

2022-02-23 17:02:11
www.ibm.com

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.042 Low
Percentile: 92.0%

Summary

Previous releases of IBM QRadar Security Information and Event Manager and IBM Security QRadar Risk Manager are affected by a denial of service vulnerability reported in third-party code.

Vulnerability Details

CVE ID: CVE-2012-5081

DESCRIPTION:
A vulnerability in the JDK’s TLS implementation can impact the availability of the Jazz server bundled with QRadar SIEM and QRadar Risk Manager, preventing users from logging in. The attacker can conduct the attack over the internet. No authentication is required for this attack. No specialized knowledge of QRadar SIEM or QRadar Risk Manager is necessary to conduct this attack.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435> for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Running on Linux - RedHat 6:
IBM Security QRadar SIEM and IBM Security QRadar Risk Manager version 7.1 and 7.1 MR1

Remediation/Fixes

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.
Vendor Fix(es):
For QRadar SIEM and QRadar Risk Manager v. 7.1 and 7.1 MR1
· Upgrade to QRadar SIEM and QRadar Risk Manager 7.1 MR2
If you are unable to upgrade, contact IBM Technical Support.

Workarounds and Mitigations

Not applicable; upgrade to QRadar SIEM or QRadar Risk Manager 7.1 MR2
