Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2017.

Vulnerability Details

CVEID: CVE-2017-3511
DESCRIPTION: An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124890&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

Rational Application Developer 9.6.1 and earlier

Remediation/Fixes

Update the IBM SDK, Java Technology Edition of the product to address this vulnerability:

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
Rational Application Developer| 9.5 through 9.6|

PI85999

|

• For all versions, IBM SDK Technology Edition Critical Patch Update - April 2017
  Rational Application Developer| 8.5 through 9.1|

PI85999

|

• For all versions, IBM SDK Technology Edition Critical Patch Update - April 2017

Workarounds and Mitigations

No known workarounds.