There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 & 7 and IBM® Runtime Environment Java™ Technology Edition, Version 6 & 7 that are used by IBM Rational Functional Tester.
CVEID: CVE-2014-3566
DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-6549
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100141> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-6585
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100154> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-6587
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100152> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P)
CVEID: CVE-2014-6591
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100155> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-6593
DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-6601
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100139> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-8891
DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual Machine may, under very limited circumstances, allow untrusted code running under a security manager to escalate its privileges.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99010> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-8892
DESCRIPTION: A vulnerability in the IBM implementation of the Java Virtual Machine may, under very limited circumstances, allow untrusted code running under a security manager to bypass permission checks and view sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99011> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-0395
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100143> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-0407
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Swing component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100150> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-0408
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the RMI component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100142> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-0412
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the JAX-WS component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100140> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-0437
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100144> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Rational Functional Tester version 8.0.0.x through 8.5.1.x.
Vendor Fixes:
Product | Version | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.0.0.x | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.1.0.x | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.1.1.x | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.2.0 | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.2.1 | None | Download the IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.2.2.x | None | Download the IBM SDK, Java Technology Edition, Version 6 64-bit Service Refresh 16 Fix Pack 3 iFix from Fix Central and apply it. |
RFT | 8.3.0 - 8.3.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. |
RFT | 8.5.0 - 8.5.0.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. |
RFT | 8.5.1.x | None | Download the IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 iFix from Fix Central and apply it. |
**Note:** For information about how to install iFixes, see Installing packages.
None