Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-4244, CVE-2014-4263)

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by Rational Service Tester and were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVEID: CVE-2014-4263

Description: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244

Description: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Rational Service Tester versions 8.1 - 8.6

Remediation/Fixes

Upgrade to Rational Service Tester for SOA Quality Fix Pack 1 (8.6.0.1) for 8.6

Rational Service Tester 8.6.0.1 provides IBM JRE 7 iFixes which corrects these issues.

Vendor Fix(es):

Example:

Workarounds and Mitigations

None