Security Bulletin: A vulnerability in Open JDK affecting Rational Functional Tester

Summary

A vulnerability in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT). RFT has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2023-21830
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245038 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-21843
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245037 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

Download the JDK appropriate for your platform in order to manually replace the JDK.
Note: Please take backup of existing _${RFTinstallLocation}/_jdk folder.

Additional steps for Mac OS:

Run below commands

chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jspawnhelper
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/*.dylib
rm -f ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
ln -s ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jli/libjli.dylib ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib

Workarounds and Mitigations

None