IBM Support

Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology Edition bundled product shipped with Rational Asset Manager (CVE-2014-2421, CVE-2014-1876)

Created by Mu Han Sun on
Published URL:
https://www.ibm.com/support/pages/node/513959
513959

Security Bulletin


Summary

IBM SDK, Java Technology Edition is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in a security bulletin.

Vulnerability Details

Subscribe to My Notifications to be notified of important product support alerts like this.
  • Follow this link for more information (requires login with your IBM ID)

CVEID: CVE-2014-2421

Description: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92462 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-1876

Description: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and partial availability impact.

CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92492 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:P)

Affected Products and Versions

Product and Version(s)

Product and Version shipped as a component
IBM Rational Asset Manager 7.5.2, 7.5.1, 7.5, 7.2IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 Fix Pack 1 and earlier

Remediation/Fixes

This

RAMEmbeded WAS?WAS 6.1WAS 7.0WAS 8.0WAS 8.5
7.2Yes6.1.0.25 for stand-alone WAS
6.1 with ISC for embeded WAS
N/AN/AN/A
7.5Yes6.1.0.31 for stand-alone WAS
6.1 with ISC, (6.1.0.35 and future fix) for embeded WAS
7.0.0.11 for stand-alone WAS
7.0.0.13 and future fix packs for embeded WAS
N/AN/A
7.5.1YesN/A7.0.0.25 for stand-alone WAS
7.0.0.17 and future fix packs for embeded WAS
8.0.0.4 and future fix packs for stand-alone WASN/A
7.5.2NoN/A7.0.0.278.0.0.68.5.0.2

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

None

Change History

* 18 July 2014: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

PSIRT Advisory 1732, Record 36654

[{"Product":{"code":"SSUS84","label":"Rational Asset Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General Information","Platform":[{"code":"PF002","label":"AIX"}],"Version":"7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
16 June 2018

UID

swg21676432