A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Service Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Service Tester version 8.6.
CVE ID: CVE-2014-0411
Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE ID: CVE-2014-0453
Description: An Exception thrown by the Security component reveals information that an attacker could use to break RSA keys via a Bleichenbacher attack.
The fix removes the sensitive information from the Exception message.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92490> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
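The principle behind the CVE-2014-0453 fix, applied in application code that decrypts RSA PKCS#1 v1.5 input, as an added example (not IBM's or Oracle's code): every decryption failure takes one path and no exception text reaches the peer. The class name `UniformRsaFailure`, the method `unwrapSecret`, and the 32-byte secret length are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;

public class UniformRsaFailure {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SECRET_LEN = 32; // assumption: peer wraps a 32-byte secret

    // Unwraps a PKCS#1 v1.5 wrapped secret. Bad padding, wrong length and
    // provider errors all return a random secret, so what the peer observes
    // does not depend on why decryption failed.
    static byte[] unwrapSecret(PrivateKey key, byte[] wrapped) {
        byte[] fallback = new byte[SECRET_LEN];
        RNG.nextBytes(fallback); // drawn on every call, before decrypting
        try {
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            rsa.init(Cipher.DECRYPT_MODE, key);
            byte[] secret = rsa.doFinal(wrapped);
            return secret.length == SECRET_LEN ? secret : fallback;
        } catch (GeneralSecurityException e) {
            // Never forward e.getMessage() to the peer or branch on the
            // exception subtype; record only a generic failure event.
            return fallback;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed test key

        byte[] secret = new byte[SECRET_LEN];
        RNG.nextBytes(secret);
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] good = enc.doFinal(secret);
        byte[] tampered = good.clone();
        tampered[0] ^= 0x01; // constructed malformed input

        System.out.println("valid unwrap matches: "
            + Arrays.equals(secret, unwrapSecret(kp.getPrivate(), good)));
        System.out.println("tampered unwrap length: "
            + unwrapSecret(kp.getPrivate(), tampered).length);
    }
}
```

The wrapper removes the message-content signal only; it does not make the underlying decryption constant-time, so the patched JRE is still required.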
IBM JRE provided by Rational Service Tester versions earlier than version 8.5.1.3 on all platforms.
Upgrade to Rational Service Tester for SOA Quality version 8.6.
Rational Service Tester 8.6 provides IBM JRE 7 iFixes, which correct these issues.
Vendor Fix(es):
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
RST | 8.5 - 8.5.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 from Fix Central. |
RST | 8.3 - 8.3.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 from Fix Central. |
RST | 8.2 - 8.2.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 from Fix Central. |
RST | 8.1 - 8.1.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 from Fix Central. |
RST | 8.0 - 8.0.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 from Fix Central. |
None