Lucene search

K
ibmIBMB666EC6C0BD4BE5CA16CBCF49F043C9E29F3715F1DF3ABE11300D1257417FBA7
HistoryJun 17, 2018 - 5:10 a.m.

Security Bulletin: Vulnerability in IBM Java SDK affect Rational Automation Framework (CVE-2015-4872)

2018-06-1705:10:30
www.ibm.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7SR8 that is used by Rational Automation Framework. This issue was disclosed as part of the IBM Java SDK updates in October 2015.

Vulnerability Details

CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Rational Automation Framework 3.0.1, 3.0.1.1, 3.0.1.2.x, 3.0.1.3.x on all supported platforms.

Remediation/Fixes

Upgrade to RAF 3.0.1.3 ifix6 or later.

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N