Security Bulletin
Summary
IBM SDK, Java Technology Edition is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in a security bulletin.
Vulnerability Details
Subscribe to My Notifications to be notified of important product support alerts like this.
|
CVEID: CVE-2014-2421
Description: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92462 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-1876
Description: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92492 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:P)
Affected Products and Versions
|
Product and Version(s) | Product and Version shipped as a component |
| IBM Rational Asset Manager 7.5.2, 7.5.1, 7.5, 7.2 | IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 Fix Pack 1 and earlier |
Remediation/Fixes
This
| RAM | Embeded WAS? | WAS 6.1 | WAS 7.0 | WAS 8.0 | WAS 8.5 |
| 7.2 | Yes | 6.1.0.25 for stand-alone WAS 6.1 with ISC for embeded WAS | N/A | N/A | N/A |
| 7.5 | Yes | 6.1.0.31 for stand-alone WAS 6.1 with ISC, (6.1.0.35 and future fix) for embeded WAS | 7.0.0.11 for stand-alone WAS 7.0.0.13 and future fix packs for embeded WAS | N/A | N/A |
| 7.5.1 | Yes | N/A | 7.0.0.25 for stand-alone WAS 7.0.0.17 and future fix packs for embeded WAS | 8.0.0.4 and future fix packs for stand-alone WAS | N/A |
| 7.5.2 | No | N/A | 7.0.0.27 | 8.0.0.6 | 8.5.0.2 |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
* 18 July 2014: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
PSIRT Advisory 1732, Record 36654
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21676432