IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1) CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2) CVE-2014-0411: Vulnerability in Java Secure Socket Extension (JSSE).
CVEID: CVE-2014-0460
DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92482 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-0411
DESCRIPTION: A vulnerability allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
IBM System Networking Switch Center 7.1 (7.1.3.1), and 7.2 (7.2.1.10).
IBM recommends upgrading all 7.1 and 7.2 versions of IBM Systems Networking Switch Center to one of the following releases:
The install packages for these releases can be found on IBM’s Passport Advantage website: <http://www-01.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm>
None