Jun 15, 2018 - 7:01 a.m.

IBM WebSphere Cast Iron Security Bulletin: Security vulnerability in IBM JRE 6 and IBM JRE 7

2018-06-15 07:01:16
www.ibm.com
CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Abstract

A security vulnerability exists in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR15 FP1 (and earlier) and IBM JRE 7.0 SR6 FP1 (and earlier).

Content

VULNERABILITY DETAILS

There is a security vulnerability in the IBM Java Runtime Environment used in WebSphere Cast Iron.

CVEID: CVE-2014-0453

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92490 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

AFFECTED PLATFORMS:
IBM WebSphere Cast Iron v6.0, v6.1, v6.3, v6.4 and v7.0 Studio, Virtual Appliance and Physical Appliance
IBM WebSphere Cast Iron v6.3 and v7.0 Live SaaS offering.

WORKAROUND:
None available; apply the fix detailed below.

REMEDIATION:
Apply the fix detailed below.

FIX:

For WebSphere Cast Iron version v6.0:
Install the v6.0.0.6 interim fix or upgrade to v6.1.0.15/v6.3.0.2/v6.4.0.1 by applying the relevant interim fix.

For WebSphere Cast Iron version v6.1*:
Install the v6.1.0.15 interim fix or upgrade to v6.3.0.2/v6.4.0.1/v7.0.0.1 by applying the relevant interim fix.

For IBM WebSphere Cast Iron v6.3*:
Install the v6.3.0.2 interim fix or upgrade to v6.4.0.1/v7.0.0.1 by applying the relevant interim fix.

For IBM WebSphere Cast Iron v6.4*:
Install the v6.4.0.1 interim fix or upgrade to v7.0.0.1 by applying the relevant interim fix…

For IBM WebSphere Cast Iron v7.0:
Install the v7.0.0.1 interim fix.

* Upgrade to v7 should not be attempted on v6.1, v6.3, v6.4 virtual appliance if the appliance was originally a fresh install of v6.0 and later upgraded to a higher version. Please refer to this link.

The WebSphere Cast Iron V6.0 interim fix can be obtained via this link
The WebSphere Cast Iron V6.1 interim fix can be obtained via this link
The WebSphere Cast Iron V6.3 interim fix can be obtained via this link
The WebSphere Cast Iron V6.4 interim fix can be obtained via this link
The WebSphere Cast Iron V7.0 interim fix can be obtained via this link

SaaS offering (WebSphere Cast Iron Live v6.3):
The WebSphere Cast Iron V6.3 SaaS offering is scheduled to be updated during Aug 2014’s maintenance window to address the IBM Java Security Vulnerability.

SaaS offering (WebSphere Cast Iron Live v7.0):

The WebSphere Cast Iron V7.0 SaaS offering is scheduled to be updated during Aug 2014’s maintenance window to address the IBM Java Security Vulnerability.

APAR LI78037 is targeted for availability in IBM WebSphere Cast Iron v6.0.0.7, v6.1.0.16, v6.3.0.3, v6.4.0.2 and v7.0.0.2

MITIGATION:
None known

REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/v2/guide)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)

CVE-2014-0453 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453)

CHANGE HISTORY:
<2014/08/07>: Original Copy Published

