Jun 17, 2018 - 4:59 a.m.

Security Bulletin: Rational RequisitePro affected by Java vulnerabilities (CVE-2014-4244, CVE-2014-4263)

2018-06-17 04:59:01
www.ibm.com

EPSS: 0.009

Percentile: 82.5%

Summary

This bulletin covers remediation measures for the CVEs published in Oracle’s July 2014 CPU that affect Rational RequisitePro.

Vulnerability Details

CVEID: CVE-2014-4263

Description: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244

Description: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Rational RequisitePro versions:

| Version | Status |
|---|---|
| 7.1.4 through 7.1.4.5 | Affected |
| 7.1.3 through 7.1.3.12 | Affected |
| 7.1.0.x, 7.1.1.x (all versions), 7.1.2 through 7.1.2.15 | Affected |

Remediation/Fixes

Apply the fix pack appropriate for your ReqPro release.

| Affected Version | Applying the fix |
|---|---|
| 7.1.4.x | Install Rational RequisitePro Fix Pack 6 (7.1.4.6) for 7.1.4 |
| 7.1.3.x | Install Rational RequisitePro Fix Pack 13 (7.1.3.13) for 7.1.3 |
| 7.1.2.x | Install Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2 |
| 7.1.1.x, 7.1.0.x | Install Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2 |

**Note:** 7.1.2.16 interoperates with all 7.1.x.x systems, and can be installed in the same way as 7.1.x.x fix packs.

Workarounds and Mitigations

None