IBM Support

Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)

Created by Igets Administrator on
Published URL: https://www.ibm.com/support/pages/node/679171

Security Bulletin


Summary

IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1) CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2) CVE-2014-0411: Vulnerability in Java Secure Socket Extension (JSSE).

Vulnerability Details

CVEID: CVE-2014-0460
DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92482 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-0411
DESCRIPTION: A vulnerability allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM System Networking Switch Center 7.1 (7.1.3.1), and 7.2 (7.2.1.10).

Remediation/Fixes

IBM recommends upgrading all 7.1 and 7.2 versions of IBM System Networking Switch Center to one of the following releases:

  • 7.1.3.2
  • 7.2.1.11
  • 7.3.1.1

The install packages for these releases can be found on IBM's Passport Advantage website: http://www-01.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm

Workarounds and Mitigations

None

Acknowledgement

None

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 08 July 2019

UID: isg3T1020989