Security Bulletin: Vulnerabilities in IBM Rational Insight Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)

Summary

IBM Eclipse Help System (IEHS) is a component bundled with IBM Rational Insight. It is used to display the Rational Insight web-based help content when the Rational Insight Help web application is deployed to IBM WebSphere Application Server.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVE ID:CVE-2013-0464

**Description:**An unspecified vulnerability in IBM Eclipse Help System related to search could allow a remote attacker to affect confidentiality and integrity.

CVSS Base Score: 4.3
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/81060&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID:CVE-2013-0467

**Description:**An unspecified vulnerability in IBM Eclipse Help System related to URL crafting could allow a remote attacker to access unauthorized information.

CVSS Base Score: 4.0
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/81102&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVE ID:CVE-2013-0599

**Description:**An unspecified vulnerability in IBM Eclipse Help System related to parameter path crafting could allow a remote attacker to access sensitive information.

CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83613&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/AU:N/C:P/I:N/A:N)

Affected Products and Versions

Rational Insight 1.1.1.1 and earlier.

Remediation/Fixes

Upgrade to Rational Insight Fix Pack 2 (1.1.1.2) for 1.1.1 or later.

Workarounds and Mitigations

None