There is a vulnerability in IBM SDK Java Technology Edition, Versions 5, 6, and 7 that is used by Rational Application Developer for WebSphere. This issue was disclosed as part of the IBM Java SDK updates in July 2014.
**CVEID:** CVE-2014-4263

**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

**CVEID:** CVE-2014-3068

**DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores.

CVSS Base Score: 2.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93756> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)
Rational Application Developer 9.1.0.1 and earlier.
Update the Java Development Kit of the product to address this vulnerability:
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Rational Application Developer | 7.0 through 9.1.0.1 | PI23369 | For all versions, apply IBM SDK Java Technology Edition Critical Patch Update - July 2014 |
Rational Agent Controller | 7.0 through to 9.1 | PI23369 | Apply IBM Rational Agent Controller version 9.1.1 |
Rational Build Utility | 7.5 through to 9.1.0.1 | PI23369 | For use on Windows or Linux: apply IBM SDK Java Technology Edition Critical Patch Update - July 2014<br>For use on System z: |

None