Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDB22B3B68744FEE0B895F36BFE3C07C0C84967B87710DE01FEC11B662F3B8A89
HistorySep 10, 2020 - 3:49 p.m.

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Software Architect for WebSphere Software (CVE-2014-4263)

2020-09-1015:49:00
www.ibm.com
22

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

Summary

The JSSE component’s Diffie-Hellman key exchange implementation is vulnerable to a man-in-the-middle attack. The fix adds a new check to prevent the attack.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVE ID:CVE-2014-4263

**Description:**The JSSE component’s Diffie-Hellman key exchange implementation is vulnerable to a man-in-the-middle attack. The fix adds a new check to prevent the attack.

CVSS Base Score: 4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID:CVE-2014-3068**
DESCRIPTION:*A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. . CVSS Base Score: 2.4 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93756&gt; for the current score CVSS Environmental Score: Undefined CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)

Affected Products and Versions

Rational Software Architect 9.1 and earlier
Rational Software Architect for WebSphere Software 9.1 and earlier
Rational Software Architect RealTime Edition 9.1 and earlier

Remediation/Fixes

Update the Java Development Kit of the product to address this vulnerability:

Product VRMF Remediation/Download FixCentral Link
Rational Software Architect

Rational Software Architect for Websphere Software

Rational Software Architect Standard Edition| 7.5.x to 7.5.5.5 iFix1
8.0.x to 8.0.4.2 iFix1|

IBM Java Platform Standard Edition Version 6 SR16 FP1

Rational Software Architect

Rational Software Architect for Websphere Software

Rational Software Architect RealTime Edition| 9.0, 9.0.0.1,9.1

8.5 to 8.5.5.1|

IBM Java Platform Standard Edition Version 7 SR7 FP1 iFixes

Installation Instructions:

For instructions on installing this update using Installation Manager, review the topic Updating Installed Product Packages in the IBM Knowledge Center.

Instructions to download and install the update from the compressed files:

  1. Download the update files from Fix Central by following the link listed in the download table above

  2. Extract the compressed files in an appropriate directory.

For example, choose to extract to `C:\temp\update

`
3. Add the update repository location in IBM Installation Manager:

1. Start IBM Installation Manager.
2. On the Start page of Installation Manager, click **File &gt; Preferences**, and then click**Repositories**. The Repositories page opens.
3. On the Repositories page, click **Add Repository**.
4. In the Add repository window, browse to or enter the file path to the repository.config file, which is located in the directory where you extracted the compressed files and then click OK.

For example, enter C:\temp\updates\repository.config.
5. Click OK to close the Preference page.

  1. Install the update as described in the the topic Updating Installed Product Packages in the IBM Knowledge Center for your product and version.

Workarounds and Mitigations

None

Related

ibm 74
veracode 2
prion 2
cve 2
ubuntucve 1
nessus 46
redhat 10
openvas 34
oraclelinux 3
amazon 2
centos 3
ubuntu 4
debian 3
mageia 1
aix 1
kaspersky 1
suse 4
osv 1
gentoo 1
securityvulns 2
oracle 1
ibm
ibm
Security Bulletin: A vulnerability in IBM Java SDK affects Rational Application Developer for WebSphere (CVE-2014-4263)
2020-02-05 00:09:48
Security Bulletin: IBM WebSphere MQ Internet Pass-Thru is affected by multiple vulnerabilities in IBM SDK, Java™ Technology Edition, Version 7 (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)
2018-06-15 07:02:20
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)
2018-06-15 07:01:25
veracode
veracode
Bruteforce Attack
2019-01-15 08:58:42
Weak Encryption Parameters
2019-05-02 05:03:23
prion
prion
Code injection
2014-12-02 01:59:00
Buffer overflow
2014-07-17 11:17:00
cve
cve
CVE-2014-3068
2014-12-02 01:59:00
CVE-2014-4263
2014-07-17 11:17:00
ubuntucve
ubuntucve
CVE-2014-4263
2014-07-17 00:00:00
nessus
nessus
Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)
2014-07-29 00:00:00
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1036)
2014-08-08 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1033)
2014-08-08 00:00:00
redhat
redhat
(RHSA-2014:1036) Important: java-1.5.0-ibm security update
2014-08-07 00:00:00
(RHSA-2014:1033) Critical: java-1.6.0-ibm security update
2014-08-07 00:00:00
(RHSA-2014:1042) Critical: java-1.7.1-ibm security update
2014-08-11 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Jul 2014) - Linux
2014-07-24 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Jul 2014) - Windows
2014-07-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1055-1)
2021-06-09 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security and bug fix update
2014-07-21 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
java-1.7.0-openjdk security update
2014-07-16 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-07-31 13:52:00
Critical: java-1.7.0-openjdk
2014-07-23 14:01:00
centos
centos
java security update
2014-07-21 18:20:14
java security update
2014-07-16 10:46:11
java security update
2014-07-16 10:53:36
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-08-12 00:00:00
OpenJDK 7 update
2014-09-17 00:00:00
OpenJDK 7 regression
2014-08-26 00:00:00
debian
debian
[SECURITY] [DSA 2980-1] openjdk-6 security update
2014-07-17 16:00:25
[SECURITY] [DSA 2987-1] openjdk-7 security update
2014-07-23 19:51:55
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:26:06
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
2014-07-26 15:03:50
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition
2014-08-18 14:04:26
kaspersky
kaspersky
KLA10507 Multiple vulnerabilities in Oracle products
2014-07-17 00:00:00
suse
suse
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
Security update for openjdk (important)
2014-08-04 19:04:23
Security update for java-1_6_0-ibm (important)
2015-02-27 19:05:34
osv
osv
openjdk-6 - security update
2014-11-28 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON
Related for DB22B3B68744FEE0B895F36BFE3C07C0C84967B87710DE01FEC11B662F3B8A89
ibm74veracode2prion2cve2ubuntucve1nessus46redhat10openvas34oraclelinux3amazon2centos3ubuntu4debian3mageia1aix1kaspersky1suse4osv1gentoo1securityvulns2oracle1