【重要情報】IBM WebSphere Message Broker / IBM Integration Bus IBM JRE 5.0 SR16-FP3 および IBM JRE 7.0 SR5 のセキュリティ脆弱性

Content

【障害内容】

IBM WebSphere Message Broker のIBM JRE 5.0 SR16-FP3 以前とIBM Integration Bus のJRE 7.0 SR5以前のIBM Java ランタイム環境(JRE)に複数のセキュリティ脆弱性が存在します。

下記の脆弱性を修正したIBM JRE 5.0 および IBM JRE 7.0 の修正が利用可能になりました。

CVE ID:
CVE-2013-1500, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743

脆弱性詳細:
下記のWebSphere Message Broker のIBM Javaランタイム環境の脆弱性が修正されました。
特に注記のないCVEに関しては、JRE 5.0, 7.0ともに該当します。

CVE-2013-1500 (CVSS3.2)
CVE-2013-2400 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2407 (CVSS6.4) - IBM JRE 7.0 Only
CVE-2013-2412 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2437 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2442 (CVSS7.5) - IBM JRE 7.0 Only
CVE-2013-2443 (CVSS5)
CVE-2013-2444 (CVSS5)
CVE-2013-2446 (CVSS5)
CVE-2013-2447 (CVSS5)
CVE-2013-2448 (CVSS7.6)
CVE-2013-2449 (CVSS4.3) - IBM JRE 7.0 Only
CVE-2013-2450 (CVSS5)
CVE-2013-2451 (CVSS3.7) - IBM JRE 7.0 Only
CVE-2013-2452 (CVSS5)
CVE-2013-2453 (CVSS5) - IBM JRE 7.0 Only
CVE-2013-2454 (CVSS5.8)
CVE-2013-2455 (CVSS5)
CVE-2013-2456 (CVSS5)
CVE-2013-2457 (CVSS5)
CVE-2013-2458 (CVSS5.8) - IBM JRE 7.0 Only
CVE-2013-2459 (CVSS10)
CVE-2013-2460 (CVSS9.3) - IBM JRE 7.0 Only
CVE-2013-2462 (CVSS9.3) - IBM JRE 7.0 Only
CVE-2013-2463 (CVSS10)
CVE-2013-2464 (CVSS10)
CVE-2013-2465 (CVSS10)
CVE-2013-2466 (CVSS10) - IBM JRE 7.0 Only
CVE-2013-2468 (CVSS10) - IBM JRE 7.0 Only
CVE-2013-2469 (CVSS10)
CVE-2013-2470 (CVSS10)
CVE-2013-2471 (CVSS10)
CVE-2013-2472 (CVSS10)
CVE-2013-2473 (CVSS10)
CVE-2013-3743 (CVSS9.3)

関連文書中のCVSS文書を参照し、お客様環境下でのこの脆弱性の影響を評価ください。

CVSS:
CEVID: CVE-2013-1500
CVSS Base Score: 3.6
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85062 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CEVID: CVE-2013-2400
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85050 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CEVID: CVE-2013-2407
CVSS Base Score: 6.4
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85044 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CEVID: CVE-2013-2412
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85059 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2437
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85049 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2444
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CEVID: CVE-2013-2442
CVSS Base Score: 7.5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85041 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CEVID: CVE-2013-2443
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85054 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2447
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2446
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85048 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2448
CVSS Base Score: 7.6
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85040 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2449
CVSS Base Score: 4.3
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85060 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2450
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CEVID: CVE-2013-2451
CVSS Base Score: 3.7
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85061 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)

CEVID: CVE-2013-2452
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85055 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2453
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85053 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CEVID: CVE-2013-2454
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85045 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CEVID: CVE-2013-2455
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/84146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2456
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85058 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CEVID: CVE-2013-2457
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85052 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CEVID: CVE-2013-2458
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85046 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CEVID: CVE-2013-2459
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2460
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85038 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2462
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85037 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2463
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2464
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85030 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2465
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2466
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2468
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85034 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2469
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85032 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2470
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85025 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2471
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2472
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-2473
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85028 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CEVID: CVE-2013-3743
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/85036 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


【対象バージョン】
・IBM WebSphere Message Broker V6.1
・IBM Integration Bus V9.0


【対象プラットフォーム】
・IBM WebSphere Message Broker V6.1 もしくは IBM Integration Bus V9.0が稼動するプラットフォームすべて(zOSを除く)


【回避策】
なし


【対応策】
・IBM WebSphere Message Broker V6.1
Fix Pack 6.1.0.12で修正予定ですが2013/10時点で未リリースです。
Fix Packがリリースされるまでの期間は個別FIX IC94158 を適用してください。

・IBM Integration Bus V9.0
Fix Pack 9.0.0.1で修正予定ですが2013/10時点で未リリースです。
Fix Packがリリースされるまでの期間は個別FIX IC94187 を適用してください。


【関連文書】
CVE-2013-1500
https://exchange.xforce.ibmcloud.com/vulnerabilities/85062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1500

CVE-2013-2400
https://exchange.xforce.ibmcloud.com/vulnerabilities/85050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2400

CVE-2013-2407
https://exchange.xforce.ibmcloud.com/vulnerabilities/85044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2407

CVE-2013-2412
https://exchange.xforce.ibmcloud.com/vulnerabilities/85059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2412

CVE-2013-2437
https://exchange.xforce.ibmcloud.com/vulnerabilities/85049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2437

CVE-2013-2444
https://exchange.xforce.ibmcloud.com/vulnerabilities/85047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2444

CVE-2013-2442
https://exchange.xforce.ibmcloud.com/vulnerabilities/85041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2442

CVE-2013-2443
https://exchange.xforce.ibmcloud.com/vulnerabilities/85054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2443

CVE-2013-2447
https://exchange.xforce.ibmcloud.com/vulnerabilities/85056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2447

CVE-2013-2446
https://exchange.xforce.ibmcloud.com/vulnerabilities/85048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2446

CVE-2013-2448
https://exchange.xforce.ibmcloud.com/vulnerabilities/85040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2448

CVE-2013-2449
https://exchange.xforce.ibmcloud.com/vulnerabilities/85060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2449

CVE-2013-2450
https://exchange.xforce.ibmcloud.com/vulnerabilities/85057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2450

CVE-2013-2451
https://exchange.xforce.ibmcloud.com/vulnerabilities/85061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2451

CVE-2013-2452
https://exchange.xforce.ibmcloud.com/vulnerabilities/85055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2452

CVE-2013-2453
https://exchange.xforce.ibmcloud.com/vulnerabilities/85053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2453

CVE-2013-2454
https://exchange.xforce.ibmcloud.com/vulnerabilities/85045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2454

CVE-2013-2455
https://exchange.xforce.ibmcloud.com/vulnerabilities/84146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2455

CVE-2013-2456
https://exchange.xforce.ibmcloud.com/vulnerabilities/85058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2456

CVE-2013-2457
https://exchange.xforce.ibmcloud.com/vulnerabilities/85052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2457

CVE-2013-2458
https://exchange.xforce.ibmcloud.com/vulnerabilities/85046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2458

CVE-2013-2459
https://exchange.xforce.ibmcloud.com/vulnerabilities/85033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2459

CVE-2013-2460
https://exchange.xforce.ibmcloud.com/vulnerabilities/85038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2460

CVE-2013-2462
https://exchange.xforce.ibmcloud.com/vulnerabilities/85037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2462

CVE-2013-2463
https://exchange.xforce.ibmcloud.com/vulnerabilities/85029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2463

CVE-2013-2464
https://exchange.xforce.ibmcloud.com/vulnerabilities/85030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2464

CVE-2013-2465
https://exchange.xforce.ibmcloud.com/vulnerabilities/85031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2465

CVE-2013-2466
https://exchange.xforce.ibmcloud.com/vulnerabilities/85035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2466

CVE-2013-2468
https://exchange.xforce.ibmcloud.com/vulnerabilities/85034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2468

CVE-2013-2469
https://exchange.xforce.ibmcloud.com/vulnerabilities/85032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2469

CVE-2013-2470
https://exchange.xforce.ibmcloud.com/vulnerabilities/85025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2470

CVE-2013-2471
https://exchange.xforce.ibmcloud.com/vulnerabilities/85026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2471

CVE-2013-2472
https://exchange.xforce.ibmcloud.com/vulnerabilities/85027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2472

CVE-2013-2473
https://exchange.xforce.ibmcloud.com/vulnerabilities/85028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2473

CVE-2013-3743
https://exchange.xforce.ibmcloud.com/vulnerabilities/85036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3743


[IBMサイト]
この文書は、米国 IBM 社の資料を翻訳した参考文書です。翻訳元の文書は、以下のリンクよりご参照ください。
WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7

公開済みのフィックスパックについては、以下のサイトよりご利用いただけます。
Recommended fixes for WebSphere Message Broker

[CVSS情報]
独立行政法人 情報処理推進機構: 共通脆弱性評価システムCVSS概説
JVN iPedia: CVSS計算ソフトウェア日本語版


【お問合せ先】
技術的な内容に関して、サービス契約のあるお客様はIBMサービス・ラインにお問い合わせください。
IBM サービス・ライン

注：
Common Vulnerability Scoring System（CVSS）は、脆弱性の重要性を伝え、緊急度と対応の優先度を決定するのに役立つように設計された工業オープン・スタンダードです。
IBMは、CVSスコアを現状のまま提供するものであり、 いかなる種類の保証も伴いません。
潜在的なセキュリティ脆弱性が実際にどのような影響を与えるかはお客様自身で評価していただく必要があります。