IBM Support

Security Bulletin: CICS Transaction Gateway for Multiplatforms

Flashes (Alerts)


Abstract

Multiple security vulnerabilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to these risks, but client-side applications using the JREs might be. You will need to evaluate your own code to determine if you are vulnerable.

Content

CVEID: CVE-2014-0428
Description:
An unspecified vulnerability in Oracle Java SE related to the CORBA component could allow a remote attacker to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90325 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0422
Description:
An unspecified vulnerability in Oracle Java SE related to the JNDI component could allow a remote attacker to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90326 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-5907
Description:
An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90324 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0415
Description:
An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90323 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-0410
Description:
An unspecified vulnerability in Oracle Java SE related to the Deployment component could allow a remote attacker to execute arbitrary code on the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90322 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


AFFECTED PRODUCTS AND VERSIONS:
CICS Transaction Gateway for Multiplatforms v9.0 and earlier.

REMEDIATION:
Upgrade the JRE being used by CICS TG Java client applications. Updated JREs for use with CICS TG Java client applications are made available on Fix Central:
http://www-933.ibm.com/support/fixcentral/options?selection=Software%3bibm%2fOther+software%3bibm%2fWebSphere%2fCICS+Transaction+Gateway+for+Multiplatforms

Workaround(s):
None

Mitigation(s):
None

RELATED INFORMATION:

Complete CVSS v2 Guide
On-line Calculator v2


Document Information

Modified date:
15 June 2018

UID

swg21668321