CVSS2 score: 4 (Medium)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.x and JDK v6.x that are used by InfoSphere Warehouse/DB2 Warehouse and Warehouse Tooling. These issues were disclosed as part of the IBM Java SDK updates in October 2014.
CVEID: CVE-2014-6457
DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-6558
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Affected Products and Versions

Product Version | Affected Components | Note
---|---|---
InfoSphere Warehouse v9.7 (All Editions): Advanced Enterprise Edition, Enterprise Edition, Enterprise Base Edition, Advanced Departmental Edition, Departmental Edition, Departmental Base Edition, Developer Edition | Design Studio | Affected Java version listed in the next table
InfoSphere Warehouse v10.1 (All Editions): Advanced Enterprise Edition, Enterprise Edition, Enterprise Base Edition, Advanced Departmental Edition, Departmental Edition, Departmental Base Edition, Developer Edition | Design Studio | Affected Java version listed in the next table
DB2 for Linux, Unix and Windows v10.5: Advanced Workgroup Server Edition, Advanced Enterprise Server Edition, Developer Edition | Design Studio | Affected Java version listed in the next table

Affected Product | Affected Java version shipped | Remediated Java Version
---|---|---
InfoSphere Warehouse v9.7 (All Editions): Advanced Enterprise Edition, Enterprise Edition, Enterprise Base Edition, Advanced Departmental Edition, Departmental Edition, Departmental Base Edition, Developer Edition | 9.7 -> 6.0.2; 9.7.1 -> 6.0.5; 9.7.2 -> 6.0.5; 9.7.3 -> 6.0.9 | 6.0.x -> 6 SR16-FP2 (November 14 2014): For Windows: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.0.16.2-JavaSE-SDK-Windowsx8632&continue=1 ; For Linux: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.0.16.2-JavaSE-SDK-Linuxx8632&continue=1
InfoSphere Warehouse v10.1 (All Editions): Advanced Enterprise Edition, Enterprise Edition, Enterprise Base Edition, Advanced Departmental Edition, Departmental Edition, Departmental Base Edition, Developer Edition | 10.1 -> 6.0.10; 10.1.0.2 -> 7.0.2 | 6.0.x -> 6 SR16-FP2 (November 14 2014): For Windows: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.0.16.2-JavaSE-SDK-Windowsx8632&continue=1 ; 7.0.x -> 7 SR8 (November 14 2014): For Windows: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.8.0-JavaSE-SDK-Windowsx8632&continue=1 ; For Linux: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.8.0-JavaSE-SDK-Linuxx8632&continue=1
DB2 for Linux, Unix and Windows v10.5: Advanced Workgroup Server Edition, Advanced Enterprise Server Edition, Developer Edition | 10.5 -> 7.0.2; 10.5.0.4 -> 7.1.1; 10.5.0.5 -> 7.1.1 | 7.0.x -> 7 SR8 (November 14 2014): For Windows: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.8.0-JavaSE-SDK-Windowsx8632&continue=1 ; For Linux: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.8.0-JavaSE-SDK-Linuxx8632&continue=1 ; 7.1.x -> 7R1 SR2 (October 30 2014): For Windows: http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.2.0-JavaSE-SDK-Windowsx8664&continue=1

Before you begin, go to the table above and find the IBM SDK, Java™ Technology Edition download link that matches your product version and platform. If you cannot find the download link for your product version and platform, contact IBM Technical Support and refer to this security bulletin.
On Windows, complete the following steps:
On LINUX, complete the following steps:
**NOTE:** You might have to repeat steps 4 through 8 for Windows or 5 through 9 for Linux after you install an APAR or upgrade to a newer version of Java, if the version of the IBM SDK, Java™ Technology Edition that is installed with the product is older than the version of Java that you installed following the above instructions. You can determine the version of the IBM SDK, Java™ Technology Edition that is installed with the product by looking at the version.properties file (for example: Windows C:\Program Files\IBM\ISWarehouse\ds\jdk\jre\lib\version.properties or Linux /opt/ISWarehouse/ds/jdk/jre/lib/version.properties); or by running the command "java -version" (for example: Windows "C:\Program Files\IBM\ISWarehouse\ds\jdk\jre\bin\java -version" or Linux "/opt/ISWarehouse/ds/jdk/jre/bin/java -version").
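The check the note describes can be scripted for use after each APAR or product upgrade. The following is an added example, not IBM's code: the function names are hypothetical, the remediated levels are read from the fix IDs in the table above, and the installed level is assumed to be supplied as a dotted string in the table's own form (for example 6.0.9), because the page does not show the layout of version.properties.

```shell
#!/bin/sh
# Added example (not from the bulletin). Fixed levels per Java stream come
# from the fix IDs in the table: 6.0.16.2, 7.0.8.0 and 7.1.2.0.
remediated_level() {
    case "$1" in
        6.0) echo 6.0.16.2 ;;
        7.0) echo 7.0.8.0 ;;
        7.1) echo 7.1.2.0 ;;
        *)   return 1 ;;
    esac
}

# version_lt A B: succeeds when dotted version A is lower than B.
# Fields are compared as numbers (9 < 16), and missing fields count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# check_java VERSION: prints "UPDATE to <level>", "OK" or "UNKNOWN".
check_java() {
    case "$1" in ""|*[!0-9.]*) echo "UNKNOWN"; return ;; esac
    stream=$(echo "$1" | cut -d. -f1,2)
    fixed=$(remediated_level "$stream") || { echo "UNKNOWN"; return; }
    if version_lt "$1" "$fixed"; then
        echo "UPDATE to $fixed"
    else
        echo "OK"
    fi
}

# Shipped levels listed in the table above, checked against the fixed levels.
for v in 6.0.2 6.0.5 6.0.9 6.0.10 7.0.2 7.1.1; do
    printf '%s: %s\n' "$v" "$(check_java "$v")"
done
```

Every shipped level in the table reports UPDATE; a level outside the 6.0, 7.0 and 7.1 streams reports UNKNOWN rather than being treated as safe.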
No workaround.