Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management – Java CPU Feb 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

2022-09-25 23:13:40
www.ibm.com

EPSS: 0.067 (Percentile: 93.8%)

Abstract

Multiple security vulnerabilities exist in the IBM Java SDK shipped with IBM WebSphere Application Server that affect IBM InfoSphere Master Data Management versions 10.0.0, 10.1.0, and 11.0.0.

Content

VULNERABILITY DETAILS:

CVE-2013-0440 - Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81799>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-0443 - Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81801>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVE-2013-0169 - The TLS protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

AFFECTED PRODUCTS:

IBM InfoSphere Master Data Management Reference Data Management Hub versions 10.0.0.0, 10.1.0.0, 11.0.0.0

REMEDIATION:

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v10.0.0 using IBM WebSphere Application Server V7.0.0.0 through 7.0.0.27:
  o Apply Interim Fix PM80757: This will upgrade your system to SDK 6 SR13 +IV36426+IV37419+IV37656+IV38029

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v10.1.0 using IBM WebSphere Application Server V8.0.0.0 through 8.0.0.5:
  o Apply Interim Fix PM80758: This will upgrade your system to SDK 6 (J9 2.6) SR5 +IV36426+IV37419+IV37656+IV38029

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v11.0.0.0 using IBM WebSphere Application Server V8.5.0.2:
  o Apply Interim Fix PM86919: This will upgrade your system to SDK 6 (J9 2.6) SR5 +IV36426+IV37419+IV37656+IV38029

VENDOR FIX(ES):

| Fix* | VRMF | TDS Remote Code Vulnerability APAR | Download URL |
|---|---|---|---|
| 7.0.0.0-WS-WASJavaSDK-<Platform>-IFPM80757 | 7.0.0.0 | PM80757 | <http://www-01.ibm.com/support/docview.wss?uid=swg24034443> |
| 8.0.0.0-WS-WASJavaSDK-<Platform>-IFPM80758 | 8.0.0.0 | PM80758 | <http://www-01.ibm.com/support/docview.wss?uid=swg24034447> |
| 8.5.0.0-WS-WASJavaSDK-<Platform>-IFPM86919 | 8.5.0.0 | PM86919 | <http://www-01.ibm.com/support/docview.wss?uid=swg24034798> |

WORKAROUND(S):
· None known, apply fixes

MITIGATION(S):
· None known

REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2013-0440, <https://exchange.xforce.ibmcloud.com/vulnerabilities/81799>
· CVE-2013-0443, <https://exchange.xforce.ibmcloud.com/vulnerabilities/81801>
· CVE-2013-0169, <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902>
