Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEBA2C150795538C928B17B5AB0762DE6CF72C1C245E37683C1CF581242A09FF5
HistorySep 10, 2020 - 3:49 p.m.

Security Bulletin: IBM Java Quarterly CPU - July 2014 affecting Rational Software Architect for Websphere Software (CVE-2014-0411)

2020-09-1015:49:00
www.ibm.com
16

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Summary

Timing differences based on validity of TLS messages can be exploited to decrypt the entire session.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVE ID: CVE-2014-0411

Description: Timing differences based on validity of TLS messages can be exploited to decrypt the entire session. The exploit is not trivial, requiring a man-in-the-middle position and a long time.

CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

  • Rational Software Architect 9.0.0.1 and earlier
  • Rational Software Architect for WebSphere Software 9.0.0.1 and earlier
  • Rational Software Architect RealTime Edition 9.0.0.1 and earlier

Remediation/Fixes

Update the Java Development Kit of the product to address this vulnerability:

Product VRMF Remediation/Download FixCentral Link
Rational Software Architect

Rational Software Architect for Websphere Software

Rational Software Architect RealTime Edition

Rational Software Architect Standard Edition| 7.5.x to 7.5.5.5 iFix1
8.0.x to 8.0.4.2 iFix1|

IBM Java Platform Standard Edition Version 6 SR15 FP1

Rational Software Architect

Rational Software Architect for Websphere Software

Rational Software Architect RealTime Edition| 9.0, 9.0.0.1

8.5 to 8.5.5.1|

IBM Java Platform Standard Edition Version 7 SR6 FP1 iFixes

Installation Instructions:

For instructions on installing this update using Installation Manager, review the topic Updating Installed Product Packages in the IBM Knowledge Center.

Instructions to download and install the update from the compressed files:

  1. Download the update files from Fix Central by following the link listed in the download table above

  2. Extract the compressed files in an appropriate directory.

For example, choose to extract to `C:\temp\update

`
3. Add the update repository location in IBM Installation Manager:

1. Start IBM Installation Manager.
2. On the Start page of Installation Manager, click **File &gt; Preferences**, and then click**Repositories**. The Repositories page opens.
3. On the Repositories page, click **Add Repository**.
4. In the Add repository window, browse to or enter the file path to the repository.config file, which is located in the directory where you extracted the compressed files and then click OK.

For example, enter C:\temp\updates\repository.config.
5. Click OK to close the Preference page.

  1. Install the update as described in the the topic Updating Installed Product Packages in the IBM Knowledge Center for your product and version.

Workarounds and Mitigations

None

Related

prion 1
f5 4
ibm 51
cve 1
ubuntucve 1
veracode 13
redhat 10
nessus 39
openvas 32
oraclelinux 3
ubuntu 3
amazon 2
centos 3
mageia 1
suse 5
aix 1
kaspersky 1
securityvulns 1
oracle 1
gentoo 1
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
f5
f5
K02004209 : Oracle Java vulnerability CVE-2014-0411
2015-12-30 00:00:00
SOL02004209 - Oracle Java vulnerability CVE-2014-0411
2015-12-30 00:00:00
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
ibm
ibm
Security Bulletin: Rational Developer for System z is affected due to vulnerabilities in IBM Java IBM SDK, Java Technology Edition - Jan 2014
2020-10-27 15:51:50
Security Bulletin: Java vulnerability on IBM Storage DS8870 (CVE-2014-0411)
2018-06-18 00:08:25
Security Bulletin: IBM Sterling Connect:Direct Browser affected by a vulnerability in IBM Runtime Environment, Java™ Technology Edition (CVE-2014-0411)
2020-02-26 18:33:49
cve
cve
CVE-2014-0411
2014-01-15 16:08:00
ubuntucve
ubuntucve
CVE-2014-0411
2014-01-15 00:00:00
veracode
veracode
Cryptography Key Leakage
2019-05-02 04:56:14
Sandbox Restrictions Bypass
2019-05-02 05:01:07
Sandbox Restrictions Bypass
2019-05-02 05:01:06
redhat
redhat
(RHSA-2014:0136) Important: java-1.5.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
nessus
nessus
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0136)
2014-02-05 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2124-1)
2014-02-28 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20140127)
2014-01-28 00:00:00
openvas
openvas
CentOS Update for java CESA-2014:0097 centos6
2014-01-30 00:00:00
Oracle Linux Local Check: ELSA-2014-0097
2015-10-06 00:00:00
CentOS Update for java CESA-2014:0097 centos5
2014-01-30 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
ubuntu
ubuntu
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
centos
centos
java security update
2014-01-15 11:04:23
java security update
2014-01-27 22:53:27
java security update
2014-01-15 11:16:34
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
suse
suse
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
Security update for IBM Java 6 (important)
2014-02-24 22:04:17
Security update for IBM Java 6 (important)
2014-02-20 20:04:38
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON
Related for EBA2C150795538C928B17B5AB0762DE6CF72C1C245E37683C1CF581242A09FF5
prion1f54ibm51cve1ubuntucve1veracode13redhat10nessus39openvas32oraclelinux3ubuntu3amazon2centos3mageia1suse5aix1kaspersky1securityvulns1oracle1gentoo1