Security Bulletin: Vulnerability in IBM Rational RequisitePro could allow a remote attacker to obtain sensitive information. (CVE-2013-5780)

Summary

Security vulnerability exists in IBM 32-bit Runtime Environment for Windows Java Technology Edition Version 6 that could allow a remote attacker to obtain sensitive information.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVEID:CVE-2013-5780

Description:
An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88001&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

Affected Products and Versions

Rational RequisitePro 7.1.0.x
Rational RequisitePro 7.1.1.x
Rational RequisitePro 7.1.2.12 and previous releases
Rational RequisitePro 7.1.3.9 and previous releases
Rational RequisitePro 7.1.4.2 and previous releases

Remediation/Fixes

Upgrade to one of the below versions of IBM Rational RequisitePro:

7.1.0.x, 7.1.1.x, 7.1.2.x:

• 4037055: Rational RequisitePro Fix Pack 13 (7.1.2.13) for 7.1.2

7.1.3.x:

• 4037054: Rational RequisitePro Fix Pack 10 (7.1.3.10) for 7.1.3

7.1.4.x:

• 4037053: Rational RequisitePro Fix Pack 3 (7.1.4.3) for 7.1.4

Note: If you are still working in an older version of Rational RequisitePro (7.1.0.x or 7.1.1.x) and cannot upgrade to the versions above, contact IBM Support for assistance.

Workarounds and Mitigations

None