
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

2024-06-12 06:36:19
www.ibm.com
Tags: open jdk, rational functional tester, devops test ui, vulnerabilities, version 10.0, version 10.1, version 10.2, version 10.5, version 11.0, windows, linux, mac os

CVSS3: 3.7 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 7.2 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 20.6%)

Summary

There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2024-21085
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2024-21012
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause high integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288019 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Rational Functional Tester (RFT) | RFT 10.0 |
| Rational Functional Tester (RFT) | RFT 10.1 |
| Rational Functional Tester (RFT) | RFT 10.2 |
| Rational Functional Tester (RFT) | RFT 10.5 |
| DevOps Test UI (Test UI) | Test UI 11.0 |

Remediation/Fixes

| Product | Version | APAR | Operating System | Remediation/Fix |
| --- | --- | --- | --- | --- |
| RFT / Test UI | 10.0 to 10.5.4 / 11.0.0 | None | Windows 32 bit | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u412-b08_openj9-0.44.0/ibm-semeru-open-jdk_x86-32_windows_8u412b08_openj9-0.44.0.zip> |
| | | | Windows 64 bit | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u412-b08_openj9-0.44.0/ibm-semeru-open-jdk_x64_windows_8u412b08_openj9-0.44.0.zip> |
| | | | Linux | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u412-b08_openj9-0.44.0/ibm-semeru-open-jdk_x64_linux_8u412b08_openj9-0.44.0.tar.gz> |
| | | | Mac OS | <https://github.com/ibmruntimes/semeru8-binaries/releases/download/jdk8u412-b08_openj9-0.44.0/ibm-semeru-open-jdk_x64_mac_8u412b08_openj9-0.44.0.tar.gz> |

Download the correct version of JDK for your platform to manually replace the JDK.

Note: Please take a backup of the existing `${RFTinstallLocation}/jdk` folder.

| Product | Version | APAR | Operating System | Remediation/Fix |
| --- | --- | --- | --- | --- |
| Test UI | 11.0.0 | None | Windows 32 bit | <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.11%2B9_openj9-0.44.0/ibm-semeru-open-jre_x64_windows_17.0.11_9_openj9-0.44.0.zip> |
| | | | Windows 64 bit | <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.11%2B9_openj9-0.44.0/ibm-semeru-open-jre_x64_windows_17.0.11_9_openj9-0.44.0.zip> |
| | | | Linux | <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.11%2B9_openj9-0.44.0/ibm-semeru-open-jre_x64_linux_17.0.11_9_openj9-0.44.0.tar.gz> |
| | | | Mac OS | <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.11%2B9_openj9-0.44.0/ibm-semeru-open-jre_x64_mac_17.0.11_9_openj9-0.44.0.tar.gz> |

Download the correct version of JRE for your platform to manually replace the JRE.
Note: Please take a backup of the existing `${DTUIinstallLocation}/jre17/jre` folder.

Additional steps for Mac OS:

Run the following commands:

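```sh
# RFTinstallLocation must hold the RFT installation directory.
# Paths are quoted so that install locations containing spaces still work.

# Make the replaced runtime's binaries and libraries executable.
chmod -R +x "${RFTinstallLocation}/jdk/Contents/Home/bin"
chmod -R +x "${RFTinstallLocation}/jdk/Contents/Home/jre/bin"
chmod -R +x "${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jspawnhelper"
chmod -R +x "${RFTinstallLocation}/jdk/Contents/Home/jre/lib/"*.dylib

# Recreate the libjli.dylib symlink under Contents/MacOS.
rm -f "${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib"
ln -s "${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jli/libjli.dylib" "${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib"
```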

For DevOps Test UI 11.0.0 and later releases, run the following additional commands:

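```sh
# TestUIinstallLocation must hold the Test UI installation directory.

# Make the replaced JRE 17 binaries and libraries executable.
chmod -R +x "${TestUIinstallLocation}/jre17/jre/Contents/Home/bin"
chmod -R +x "${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jspawnhelper"
chmod -R +x "${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/"*.dylib

# Recreate the libjli.dylib symlink under Contents/MacOS.
rm -f "${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib"
ln -s "${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jli/libjli.dylib" "${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib"
```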
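
After the runtime has been replaced, its level can be checked against the builds linked in the Remediation/Fixes tables. The script below is an added example, not part of IBM's bulletin; it assumes the runtime contains the standard OpenJDK `release` file, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the bulletin): confirm a replaced runtime is at or
# above the builds linked above: 8u412 for the JDK, 17.0.11 for jre17.

# Print JAVA_VERSION from the "release" file of a Java home directory.
# Assumption: the runtime ships the standard OpenJDK release file.
java_version_of() {
    sed -n 's/^JAVA_VERSION="\(.*\)"$/\1/p' "$1/release" 2>/dev/null | head -n 1
}

# Return 0 if the version is at or above the fixed level, 1 if it is older,
# 2 if the string is not a Java 8 or Java 17 version.
is_fixed_level() {
    case "$1" in
        1.8.0_*)
            update=${1#1.8.0_}
            update=${update%%[!0-9]*}          # drop any "-b08" style suffix
            [ -n "$update" ] || return 2
            [ "$update" -ge 412 ] ;;
        17|17.*)
            v=${1%%[!0-9.]*}                   # drop any "+9" style suffix
            old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
            minor=${2:-0}; patch=${3:-0}
            [ "$minor" -gt 0 ] || [ "$patch" -ge 11 ] ;;
        *)
            return 2 ;;
    esac
}

# Report on one Java home; the exit status is that of is_fixed_level.
check_java_home() {
    found=$(java_version_of "$1")
    rc=0
    is_fixed_level "$found" || rc=$?
    case "$rc" in
        0) echo "$1: $found is at or above the fixed level" ;;
        1) echo "$1: $found is older than the fixed level" ;;
        *) echo "$1: no Java 8 or 17 release file found" ;;
    esac
    return "$rc"
}

# Constructed sample: a stand-in Java home that holds only a release file.
demo_home=$(mktemp -d)
printf 'JAVA_VERSION="1.8.0_402"\n' > "$demo_home/release"
check_java_home "$demo_home" || true
rm -rf "$demo_home"
```

On Mac OS the Java home to pass to `check_java_home` is the `Contents/Home` directory used in the commands above.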

Workarounds and Mitigations

None

Affected configurations

Vulners Node:
ibm rational_policy_tester Match 10.0
OR
ibm rational_policy_tester Match 11.0
