CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
37.2%
There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs.
CVEID:CVE-2024-20952
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2024-20918
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2024-20921
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279734 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-20945
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279775 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-20926
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279716 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Rational Functional Tester (RFT) | RFT 10.0 |
Rational Functional Tester (RFT) | RFT 10.1 |
Rational Functional Tester (RFT) | RFT 10.2 |
Rational Functional Tester (RFT) | RFT 10.5 |
DevOps Test UI (Test UI) | Test UI 11.0 |
Download the correct version of JDK for your platform to manually replace the JDK.
Note: Please take a backup of the existing _${RFTinstallLocation}/_jdk folder.
Download the correct version of JRE for your platform to manually replace the JRE.
Note: Please take a backup of the existing _${DTUIinstallLocation}/_jre17/jre folder.
Additional steps for Mac OS:
Run the following commands:
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/bin
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jspawnhelper
chmod -R +x ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/*.dylib
rm -f ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
ln -s ${RFTinstallLocation}/jdk/Contents/Home/jre/lib/jli/libjli.dylib ${RFTinstallLocation}/jdk/Contents/MacOS/libjli.dylib
For DevOps Test UI 11.0.0 and later releases, run the following additional commands:
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/bin
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jspawnhelper
chmod -R +x ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/*.dylib
rm -f ${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib
ln -s ${TestUIinstallLocation}/jre17/jre/Contents/Home/lib/jli/libjli.dylib ${TestUIinstallLocation}/jre17/jre/Contents/MacOS/libjli.dylib
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | rational_functional_tester | 10.0 | cpe:2.3:a:ibm:rational_functional_tester:10.0:*:*:*:*:*:*:* |
ibm | rational_functional_tester | 11.0 | cpe:2.3:a:ibm:rational_functional_tester:11.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
37.2%