7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates in October 2017.
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, please refer to the link for “IBM Java SDK Security Bulletin" located in the References section for more information.
CVEID: CVE-2017-10388 DESCRIPTION: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133813> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133785> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2017-10309 DESCRIPTION: An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133738> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
All versions of Rational Functional Tester from 8.3.0.0 through 9.1.1
Vendor Fixes:
For Rational Functional Tester versions 8.0.x 8.1.x, and 8.2.x , IBM recommends upgrading to a fixed, supported version or release of the product.
Product | Version | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.3.0 - 8.3.0.x | None | Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.5.0 - 8.5.0.x | None | Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.5.1 - 8.5.1.x | None | Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.6.0 - 8.6.0.6 | None | Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 iFix from the Fix Central and apply it. |
RFT | 8.6.0.7 - 8.6.0.10 | None | Download IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 5 iFix from the Fix Central and apply it. |
RFT | 9.1.0 - 9.1.1 | None | Download IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 5 iFix from the Fix Central and apply it. |
Note:
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P