IBM9A6852E1025FB688E53AAC5ACEA433D075A2F858D02BA393CF252E8CF18E0EACSecurity Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0440)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to influence the availability of the Framework Server.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVE ID: CVE-2013-0440 **
Description: **Unspecified vulnerability in IBM Java Runtime Environment may allow remote attackers to affect availability via vectors related to JSSE.
The attack does not require local network access nor does it require authentication, but some degree of specialized knowledge and techniques are required. An exploit would not impact the confidentiality of information or the integrity of data, but the availability of the system could be compromised.
_
_**CVSS Base Score:**5
**CVSS Temporal Score:*See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81799> for the current score
CVSS Environmental Score: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
Rational Automation Framework 3.0.0.5 and earlier on all supported platforms.
Remediation/Fixes
For all affected versions of Rational Automation Framework_
_Upgrade to Rational Automation Framework version 3.0.1 or later.
Workarounds and Mitigations
None
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P