Multiple vulnerabilities exist in the Java Runtime Environments (JREs) IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7 that can affect the security of Rational Functional Tester (RFT).
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID: CVE-2014-2421
Description: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92462> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-2428
Description: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92469> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-0448
Description: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92468> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID:CVE-2014-0463
Description: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting.
CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92486> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2014-1876
Description: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 2.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92492> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:P)
CVEID:CVE-2014-2420
Description: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92493> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVEID:CVE-2013-6954
Description: A remote attacker could exploit this vulnerability using specially-crafted PNG image data to cause the application to crash.
CVSS Base Score: 5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89917> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2013-6629
Description: An attacker could exploit this vulnerability using specially crafted JPEG image data to read uninitialized memory and obtain sensitive information.
CVSS Base Score: 5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88783> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM JRE provided by Rational Functional Tester version 8.5.1.3 and earlier on all the platforms.
Upgrade to Rational Functional Tester 8.6 which ships with IBM SDK, Java Technology Edition Version 7.0 Service Release 7 and addresses these security issues.
Vendor Fixes:
Product | VRMF | APAR | Remediation/First fix |
---|---|---|---|
RFT | 8.5 - 8.5.1.3 | None | Download the Java 7 SR7 iFix from the Fix Central |
RFT | 8.3 - 8.3.x | None | Download the Java 7 SR7 iFix from the Fix Central |
RFT | 8.2 - 8.2.x | None | Download the Java 6 SR16 iFix from the Fix Central |
RFT | 8.1 - 8.1.x | None | Download the Java 6 SR16 iFix from the Fix Central |
RFT | 8.0 - 8.0.x | None | Download the Java 6 SR16 iFix from the Fix Central |
None