Security Bulletin
Summary
IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1) CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2) CVE-2014-0411: Vulnerability in Java Secure Socket Extension (JSSE).
Vulnerability Details
CVEID: CVE-2014-0460
DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92482 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-0411
DESCRIPTION: A vulnerability allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Affected Products and Versions
IBM System Networking Switch Center 7.1 (7.1.3.1), and 7.2 (7.2.1.10).
Remediation/Fixes
IBM recommends upgrading all 7.1 and 7.2 versions of IBM System Networking Switch Center to one of the following releases:
- 7.1.3.2
- 7.2.1.11
- 7.3.1.1
The install packages for these releases can be found on IBM's Passport Advantage website: http://www-01.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm
Workarounds and Mitigations
None
References
http://xforce.iss.net/xforce/xfdb/92482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://xforce.iss.net/xforce/xfdb/90357
Acknowledgement
None
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 08 July 2019
UID: isg3T1020989