Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2015-0410, CVE-2014-6593)

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 (Service Refresh 16-FP2 and earlier) and 7 (Service Refresh 8 and earlier), that is used by IBM TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2015.

Vulnerability Details

CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

• • IBM Cognos TM1 10.2.2
• IBM Cognos TM1 10.2
• IBM Cognos TM1 10.1.1

Remediation/Fixes

Download fixes at the following location:

TM1 9.5.2.3 Interim Fix 7 _<http://www-01.ibm.com/support/docview.wss?uid=swg24039812&gt;_
TM1 10.2.0.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039814&gt;_
TM1 10.1.1.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039813&gt;_

TM1 10.2.2 FP3: http://www.ibm.com/support/docview.wss?uid=swg24039764

Workarounds and Mitigations

None