History: Dec 22, 2020 - 5:41 p.m.

Security Bulletin: Potential Denial of Service security vulnerability in Rational Synergy (CVE-2011-4461)

2020-12-22 17:41:28
www.ibm.com
CVSS3: 5.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 5 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

Potential Denial of Service (DoS) security vulnerability in IBM Rational Synergy due to a Java HashTable security vulnerability in Jetty (CVE-2011-4461).

Vulnerability Details

**CVE ID:** CVE-2011-4461

**Description:** IBM Rational Synergy is potentially vulnerable to Denial of Service attacks because one of its embedded components, Jetty, has a security vulnerability. The vulnerability is caused by insufficient randomization of hash data structures. A remote attacker could exploit this vulnerability to cause the consumption of CPU resources. Customers who are using IBM Rational Synergy may be impacted by this Jetty vulnerability which can cause performance or Denial of Service (DoS) issues.

**CVSS Base Score:** 2

**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72017> for the current score

**CVSS Environmental Score:** Undefined

**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)
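A defender-side check for the condition described above, as an added example that is not IBM's or Jetty's code: it recomputes Java's `String.hashCode()` over form parameter names and flags a request whose distinct names pile onto one hash value. The function names, the thresholds and the sample bodies are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s: str) -> int:
    """Java String.hashCode(): h = 31*h + unit over UTF-16 code units, as a signed 32-bit int."""
    h = 0
    data = s.encode("utf-16-be")
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def collision_report(body: str, max_params: int = 1000, max_same_hash: int = 8) -> dict:
    """Summarise how the distinct parameter names of a form body spread over hash values.

    Both thresholds are assumed values for illustration, not vendor guidance.
    """
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    per_hash = Counter(java_string_hash(n) for n in names)
    worst = max(per_hash.values(), default=0)
    return {
        "params": len(names),
        "worst_bucket": worst,
        "suspicious": len(names) > max_params or worst > max_same_hash,
    }


# Constructed sample bodies (not captured traffic).
BENIGN = "user=alice&project=synergy&task=42&release=7.2"
# "Aa" and "BB" share a Java hash, so every name built from those blocks does too.
COLLIDING = "AaAa=1&AaBB=1&BBAa=1&BBBB=1"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("colliding", COLLIDING)):
        print(label, collision_report(body, max_same_hash=3))
```

Equality of the full 32-bit hash is a conservative signal: names with different hashes can still land in the same bucket of a small table.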

Affected Products and Versions

All Rational Synergy supported platforms.

Remediation/Fixes

Upgrade to one of the following releases:

Workarounds and Mitigations

None
