10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Potential security vulnerability issues may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Collaborative Lifecycle Management (CLM) products (Rational Quality Manager, Rational Team Concert and Rational Requirements Composer) .
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID: CVE-2013-0422
Description: There is a vulnerability in Oracle Java SE for Java 7 Update 10 and earlier. Refer to Oracle Security Alert for CVE-2013-0422 for details.
This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on your desktop.
The CLM products do not contain any of these faulty components; however, if you have downloaded a vulnerable Oracle JRE and installed it on your workstation to be active in your browser, your workstation is vulnerable to takeover if you visit a compromised web site.
Note: The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.
Refer to Oracle Security Alert for CVE-2013-0422 for details.
Switch to another JRE.
Disable Java in your browser.
If you must use Java in your browser, avoid visiting untrusted web sites while Java is enabled.
CPE | Name | Operator | Version |
---|---|---|---|
ibm engineering test management | eq | any | |
ibm engineering workflow management | eq | 4.0.1 | |
rational requirements composer | eq | any |