Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool OMNIbus (CVE-2014-4263, CVE-2014-4244)

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Tivoli Netcool/OMNIbus 7.3.0
Tivoli Netcool/OMNIbus 7.3.1
Tivoli Netcool/OMNIbus 7.4.0
Tivoli Netcool/OMNIbus 8.1.0

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
OMNIbus| 7.3.0.14| IV63169| <http://www-01.ibm.com/support/docview.wss?uid=swg24036692&gt;
_OMNIbus _| 7.3.1.10| IV63169| <http://www-01.ibm.com/support/docview.wss?uid=swg24036685&gt;
OMNIbus| 7.4.0.5| IV63169| <http://www-01.ibm.com/support/docview.wss?uid=swg24036689&gt;
_OMNIbus _| 8.1.0.1| IV63169| <http://www-01.ibm.com/support/docview.wss?uid=swg24037996&gt;

Workarounds and Mitigations

None