Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAAB6FE2045BAD0A91C5B656D7FBE27CF7D943E91A5F0AA9C905B8C6DC570D033
HistorySep 29, 2018 - 8:06 p.m.

Security Bulletin: Vulnerabilities in Rational Functional Tester due to IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7

2018-09-2920:06:32
www.ibm.com
61

0.133 Low

EPSS

Percentile

95.6%

JSON

Summary

Multiple vulnerabilities exist in the Java Runtime Environments (JREs) IBM SDK, Java Technology Edition Version 1.6 and IBM SDK, Java Technology Edition Version 1.7 that can affect the security of Rational Functional Tester (RFT).

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVEID: CVE-2014-2421

Description: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92462&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-2428

Description: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92469&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID:CVE-2014-0448

Description: An unspecified vulnerability related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92468&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID:CVE-2014-0463

Description: Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting.

CVSS Base Score: 4.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92486&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2014-1876

Description: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and partial availability impact.

CVSS Base Score: 2.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92492&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:P)

CVEID:CVE-2014-2420

Description: An unspecified vulnerability related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92493&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID:CVE-2013-6954

Description: A remote attacker could exploit this vulnerability using specially-crafted PNG image data to cause the application to crash.

CVSS Base Score: 5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89917&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2013-6629

Description: An attacker could exploit this vulnerability using specially crafted JPEG image data to read uninitialized memory and obtain sensitive information.

CVSS Base Score: 5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88783&gt; for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM JRE provided by Rational Functional Tester version 8.5.1.3 and earlier on all the platforms.

Remediation/Fixes

Upgrade to Rational Functional Tester 8.6 which ships with IBM SDK, Java Technology Edition Version 7.0 Service Release 7 and addresses these security issues.

Vendor Fixes:

Product VRMF APAR Remediation/First fix
RFT 8.5 - 8.5.1.3 None Download the Java 7 SR7 iFix from the Fix Central
RFT 8.3 - 8.3.x None Download the Java 7 SR7 iFix from the Fix Central
RFT 8.2 - 8.2.x None Download the Java 6 SR16 iFix from the Fix Central
RFT 8.1 - 8.1.x None Download the Java 6 SR16 iFix from the Fix Central
RFT 8.0 - 8.0.x None Download the Java 6 SR16 iFix from the Fix Central

Workarounds and Mitigations

None

Related

ibm 11
cvelist 8
ubuntucve 8
prion 8
nvd 8
nessus 38
fedora 9
securityvulns 3
openvas 41
mskb 5
mscve 1
veracode 24
cve 8
cert 1
mageia 3
f5 2
slackware 1
symantec 1
debiancve 1
redhat 4
kaspersky 2
oraclelinux 2
zdi 1
centos 1
aix 1
suse 4
thn 1
gentoo 1
mozilla 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology Edition bundled product shipped with Rational Asset Manager (CVE-2014-2421, CVE-2014-1876)
2018-06-17 04:55:08
Security Bulletin: Security vulnerability in IBM Jazz Team Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-2421, CVE-2013-6954, CVE-2013-6629, CVE-2014-0411, CVE-2014-0416)
2021-04-28 18:35:50
Security Bulletin: SiteProtector System can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2013-6954, CVE-2013-6629, CVE-2014-2421, CVE-2014-0453, CVE-2014-1876, CVE-2014-4244, CVE-2014-4263) and in Tomcat (CVE-2014-0075)
2018-06-16 21:19:16
cvelist
cvelist
CVE-2014-2428
2014-04-16 02:05:00
CVE-2013-6629
2013-11-15 20:00:00
CVE-2014-2421
2014-04-16 02:05:00
ubuntucve
ubuntucve
CVE-2014-2428
2014-04-16 00:00:00
CVE-2014-1876
2014-02-10 00:00:00
CVE-2013-6954
2014-01-12 00:00:00
prion
prion
Design/Logic Flaw
2014-04-16 02:55:00
Null pointer dereference
2014-01-12 18:34:00
Buffer overflow
2014-04-16 02:55:00
nvd
nvd
CVE-2014-2428
2014-04-16 02:55:15
CVE-2013-6954
2014-01-12 18:34:55
CVE-2013-6629
2013-11-19 04:50:56
nessus
nessus
Fedora 19 : libpng10-1.0.60-6.fc19 (2014-1754)
2014-02-07 00:00:00
Fedora 20 : libpng10-1.0.60-6.fc20 (2014-1778)
2014-02-07 00:00:00
F5 Networks BIG-IP : libjpeg vulnerability (K59503294)
2016-05-24 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: libpng10-1.0.60-6.fc19
2014-02-07 03:09:00
[SECURITY] Fedora 20 Update: libpng12-1.2.50-6.fc20
2014-02-11 23:05:23
[SECURITY] Fedora 20 Update: libpng10-1.0.60-6.fc20
2014-02-07 03:09:47
securityvulns
securityvulns
[ MDVSA-2014:035 ] libpng
2014-02-18 00:00:00
libpng DoS
2014-02-18 00:00:00
bugs in IJG jpeg6b &amp; libjpeg-turbo
2013-12-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0075)
2022-01-28 00:00:00
Microsoft Windows 'libjpeg' Information Disclosure Vulnerability (KB4014794)
2017-04-12 00:00:00
Fedora Update for libpng FEDORA-2014-6717
2014-06-17 00:00:00
mskb
mskb
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability for Microsoft Silverlight 5: April 11, 2017
2017-04-11 07:00:00
Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017
2017-04-11 07:00:00
mscve
mscve
libjpeg Information Disclosure Vulnerability
2017-04-11 07:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:06
Privilege Escalation
2019-05-02 04:58:07
Information Disclosure
2019-05-02 04:58:05
cve
cve
CVE-2014-2428
2014-04-16 02:55:15
CVE-2014-2420
2014-04-16 02:55:15
CVE-2014-2421
2014-04-16 02:55:15
cert
cert
libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability
2014-01-09 00:00:00
mageia
mageia
Updated libpng12 package fixes security vulnerability
2014-02-16 17:29:28
Updated libpng and libpng12 packages fix security vulnerability
2014-02-16 17:28:12
Updated libjpeg packages fix vulnerabilities in libjpeg-turbo
2013-11-21 00:31:46
f5
f5
SOL59503294 - libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
K59503294 : libjpeg vulnerability CVE-2013-6629
2016-02-19 00:00:00
slackware
slackware
[slackware-security] libjpeg
2013-12-17 03:49:12
symantec
symantec
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
2013-11-12 00:00:00
debiancve
debiancve
CVE-2013-6629
2013-11-19 04:50:56
redhat
redhat
(RHSA-2013:1804) Moderate: libjpeg security update
2013-12-09 00:00:00
(RHSA-2014:0508) Critical: java-1.6.0-ibm security update
2014-05-15 00:00:00
(RHSA-2014:0486) Critical: java-1.7.0-ibm security update
2014-05-13 00:00:00
kaspersky
kaspersky
KLA11061 Information disclosure vulnerability in Microsoft Windows
2017-04-11 00:00:00
KLA10001 Multiple vulnerabilities in Oracle Java Runtime Environment & Java Development Kit
2014-04-30 00:00:00
oraclelinux
oraclelinux
libjpeg security update
2013-12-09 00:00:00
libjpeg-turbo security update
2013-12-09 00:00:00
zdi
zdi
Oracle Java JPEG Buffer Overflow Remote Code Execution Vulnerability
2014-04-21 00:00:00
centos
centos
libjpeg security update
2013-12-10 00:47:48
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition
2014-06-19 09:10:49
suse
suse
Security update for IBM Java 6 (important)
2014-05-29 01:04:18
Security update for IBM Java 6 (important)
2014-05-30 02:04:33
Security update for IBM Java 7 (important)
2014-05-30 02:04:16
thn
thn
Oracle releases Critical Update to Patch 104 Vulnerabilities
2014-04-16 07:48:00
gentoo
gentoo
libjpeg-turbo: Multiple vulnerabilities
2016-06-05 00:00:00
mozilla
mozilla
JPEG information leak — Mozilla
2013-12-10 00:00:00

0.133 Low

EPSS

Percentile

95.6%

JSON
Related for AAB6FE2045BAD0A91C5B656D7FBE27CF7D943E91A5F0AA9C905B8C6DC570D033
ibm11cvelist8ubuntucve8prion8nvd8nessus38fedora9securityvulns3openvas41mskb5mscve1veracode24cve8cert1mageia3f52slackware1symantec1debiancve1redhat4kaspersky2oraclelinux2zdi1centos1aix1suse4thn1gentoo1mozilla1