Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2020 Critical Patch Update.

Vulnerability Details

CVEID:CVE-2020-14781
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation / First Fix

|

File Name

—|—|—|—|—

Rational Business Developer

|

9.5.x

|

None

| https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.1.2&platform=All&function=all| RBD_9.5_IBM_JDK8_SR6_FP25

Rational Business Developer

|

9.6.x

|

None

|

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all

| RBD_9.6_IBM_JDK8_SR6_FP25

Workarounds and Mitigations

None