A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Performance Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Performance Tester version 8.6.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVE ID:CVE-2014-0411
Description: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE ID:CVE-2014-0453
Descriptio****n: An Exception thrown by the Security component reveals information that an attacker could use to break RSA keys via a Bleichenbacher attack.
The fix removes the sensitive information from the Exception message.
CVSS Base Score: 4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92490> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
IBM JRE provided by Rational Performance Tester versions earlier than version 8.5.1.3 on all platforms.
Upgrade to Rational Performance Tester version 8.6
Rational Performance Tester 8.6 provides IBM JRE 7 iFixes which corrects these issues.
Vendor Fix(es):
_Example: _
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
RPT | 8.5 - 8.5.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 on Fix Central. |
RPT | 8.3 - 8.3.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 on Fix Central. |
RPT | 8.2 -8.2.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 on Fix Central. |
RPT | 8.1 - 8.1.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 on Fix Central. |
RPT | 8.0 - 8.0.x | None | Download and apply fix Rational-RPT-JavaPatch-CVE-2014-0411 on Fix Central. |
None