IBM Support

Security Bulletin:  Vulnerability CVE-2017-3511 in IBM Java SDK affects IBM Process Designer used in IBM Business Process Manager

Created by Laura Snider on
Published URL:
https://www.ibm.com/support/pages/node/296297
296297

Security Bulletin


Summary

The CVE-2017-3511 vulnerability has been reported in IBM® SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager. The issue was disclosed as part of the IBM Java SDK updates in April 2017.

Vulnerability Details

CVEID: CVE-2017-3511
DESCRIPTION: An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

This vulnerability affects IBM Business Process Designer V8.5.7 2017.03 and V8.5.7 2017.06.
 

Remediation/Fixes

The Eclipse-based IBM Process Designer tool includes an instance of the IBM SDK Java™ Technology Edition. To provide the fix for this development tool, install APAR JR58297 for your version of IBM Business Process Manager:

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

None

Change History

27 September 2017: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Process Designer","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.5.7.CF201706;8.5.7.CF201703","Edition":"Not Applicable","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTBX","label":"IBM Business Process Manager Express"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Process Designer","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"8.5.7.CF201706;8.5.7.CF201703","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Process Designer","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.7.CF201706;8.5.7.CF201703","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg22008324