IBM3D6246498CACCFF52D92DB28CC2A02DAA7ACB4972B156DE4B6CB298BFF2A769ESecurity Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine
0.054 Low
EPSS
Percentile
93.2%
Summary
There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine.
Vulnerability Details
CVEID:CVE-2017-3289 DESCRIPTION: Specially crafted bytecode can bypass the required call to super.init() in a constructor, which allows uninitialized objects to be created. Untrusted code can exploit this to elevate its privileges.
CVSS Base Score: 9.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120861> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3272 DESCRIPTION: A flaw in the java.util.concurrent package facilitates type confusion, which can be exploited by untrusted code to elevate its privileges.
CVSS Base Score: 9.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120862> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3241 DESCRIPTION: RMI deserialization does not limit the types which are deserialized, which can lead to sandbox escapes.
Filtering functionality has been added, with a default filter for RMI which can be customized if necessary.
<http://openjdk.java.net/jeps/290>
CVSS Base Score: 9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120867> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3260 DESCRIPTION: A flaw in the AWT component facilitates targeted memory corruption. This may allow untrusted code to elevate its privileges.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120857> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-5546 DESCRIPTION: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120869> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3253 DESCRIPTION: The PNG specification allows zTXt sections to be 2^32-1 bytes long. These are currently uncompressed by default, which allows an attacker to inflict a DoS by providing malicious PNG images.
The fix ensures that zTXt sections are ignored by default.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120868> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-5548 DESCRIPTION: DSA signing exhibits a timing bias that may leak information about k.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120864> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-5549 DESCRIPTION: ECDSA signing exhibits a timing bias that may leak information about k.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120863> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3252 DESCRIPTION: A flaw in com.sun.security.auth.module.LdapLoginModule leads to deserialization of untrusted data (LDAP responses).
The implementation has been changed to correct the problem.
CVSS Base Score: 5.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120870> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-5547 DESCRIPTION: A flaw in the JCE component means that the value of a parameter in RSA keys is not validated before being used to size a new byte array. This allows an attacker to inflict a DoS with a maliciously crafted key with a very large value for the parameter, which leads to an OutOfMemoryError. The fix ensures that the value of the parameter is validated before use.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120871> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-5552 DESCRIPTION: A flaw in the java.net.URL implementation can be exploited by an attacker to obfuscate URLs. The fix addresses the flaw so that URLs are parsed correctly.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3261 DESCRIPTION: An integer overflow flaw in the SocketOutputStream implementation allows untrusted code to access potentially sensitive information via arbitrary memory reads.
The fix detects the integer overflow and handles it gracefully.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120866> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3231 DESCRIPTION: A flaw in URLClassLoader allows untrusted code to bypass permission checks and trigger HTTP GET requests that would otherwise be blocked by the security manager.
The fix adds new permission checks to prevent the unauthorised HTTP requests from occurring.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120865> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2017-3259 DESCRIPTION: A flaw in the Deploy component allows a malicious proxy auto-configuration (PAC) script to obtain sensitive information via a man-in-the-middle attack.
The fix removes sensitive information from the data that can be intercepted by PAC scripts.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120859> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2016-2183 DESCRIPTION: 3DES can be exploited for block collisions when long running sessions are allowed (SWEET32).
The IBM fix adds DESede/3DES_EDE_CBC to the jdk.tls.disabledAlgorithms property in the java.security file.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116337> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Affected Products and Versions
Rational Publishing Engine 1.3
Rational Publishing Engine 2.0
Rational Publishing Engine 2.0.1
Rational Publishing Engine 2.1.0
Rational Publishing Engine 2.1.1
Remediation/Fixes
Upgrade the IBM Java Runtime environment used with Rational Publishing Engine to version 7.1.3.60, which can be downloaded from http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Publishing+Engine&fixids=Rational-RPE-JavaSE-JRE-7.1SR4FP1&source=SAR
Workarounds and Mitigations
None.
Related
0.054 Low
EPSS
Percentile
93.2%