===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2013.0646
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0
8 May 2013
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM WebSphere Operational Decision Manager
                   IBM WebSphere ILOG JRules
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
                   z/OS
                   IBM i
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Delete Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1493 CVE-2013-1489 CVE-2013-1487
                   CVE-2013-1486 CVE-2013-1485 CVE-2013-1484
                   CVE-2013-1483 CVE-2013-1482 CVE-2013-1481
                   CVE-2013-1480 CVE-2013-1479 CVE-2013-1478
                   CVE-2013-1477 CVE-2013-1476 CVE-2013-1475
                   CVE-2013-1474 CVE-2013-1473 CVE-2013-1472
                   CVE-2013-0809 CVE-2013-0450 CVE-2013-0449
                   CVE-2013-0448 CVE-2013-0447 CVE-2013-0446
                   CVE-2013-0445 CVE-2013-0444 CVE-2013-0443
                   CVE-2013-0442 CVE-2013-0441 CVE-2013-0440
                   CVE-2013-0439 CVE-2013-0438 CVE-2013-0437
                   CVE-2013-0436 CVE-2013-0435 CVE-2013-0434
                   CVE-2013-0433 CVE-2013-0432 CVE-2013-0431
                   CVE-2013-0430 CVE-2013-0429 CVE-2013-0428
                   CVE-2013-0427 CVE-2013-0426 CVE-2013-0425
                   CVE-2013-0424 CVE-2013-0423 CVE-2013-0419
                   CVE-2013-0409 CVE-2013-0351 CVE-2012-5089
                   CVE-2012-5088 CVE-2012-5087 CVE-2012-5086
                   CVE-2012-5084 CVE-2012-5083 CVE-2012-5081
                   CVE-2012-5079 CVE-2012-5077 CVE-2012-5076
                   CVE-2012-5075 CVE-2012-5074 CVE-2012-5073
                   CVE-2012-5072 CVE-2012-5071 CVE-2012-5070
                   CVE-2012-5069 CVE-2012-5068 CVE-2012-5067
                   CVE-2012-4305 CVE-2012-4301 CVE-2012-3342
                   CVE-2012-3216 CVE-2012-3213 CVE-2012-3159
                   CVE-2012-3143 CVE-2012-1543 CVE-2012-1541
                   CVE-2012-1533 CVE-2012-1532 CVE-2012-1531
Reference:         ASB-2013.0034
                   ASB-2013.0025
                   ASB-2013.0013
                   ASB-2012.0144
                   ASB-2012.0143

Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21635864

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0

Flash (Alert)

Document information
IBM Operational Decision Manager
Maintenance
Software version: 7.5, 8.0.1
Operating system(s): Platform Independent
Reference #: 1635864
Modified date: 2013-05-03

Abstract

IBM Java Runtime Environment 6.0 SR 13 release containing multiple fixes for CVEs covered in Oracle's Critical Patch Update release of October (2012), January 13, February 1 and February 19 releases (2013) contained in JDK 6.0 SR 10 and earlier

Content

VULNERABILITY DETAILS

CVE ID:
CVE-2012-3159,CVE-2012-3216,CVE-2012-5068,CVE-2012-3143,CVE-2012-3143,
CVE-2012-5073,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,
CVE-2012-1531,CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,
CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-5089,CVE-2012-1541,
CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,
CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,
CVE-2013-0428,CVE-2013-0432,CVE-2013-0433,CVE-2013-0434,CVE-2013-0435,
CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,
CVE-2013-0445,CVE-2013-0446,CVE-2013-0450,CVE-2013-0809,CVE-2013-1473,
CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,
CVE-2013-1486,CVE-2013-1487,CVE-2013-1493

DESCRIPTION:
IBM WebSphere ILOG JRules and IBM Operational Decision Manager includes a JDK 6.0 SR 4 containing a number of security vulnerabilities listed below:

CVEID: CVE-2012-3159
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79424
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-3216
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79436
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5068
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79425
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5070
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79430
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5067
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79429
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-3143
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79419
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5076
CVSS Base Score 9.3
CVSS Temporal Score: See X-Force 79418
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5077
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79437
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5073
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79432
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5074
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79426
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5075
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79431
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5083
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79412
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5072
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79434
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-1531
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79413
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5081
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79435
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-1532
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79417
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1533
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79416
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5069
CVSS Base Score 5.8
CVSS Temporal Score: See X-Force 79428
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5071
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79427
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5084
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79423
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5087
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79415
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5086
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79414
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5079
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79433
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5088
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79420
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5089
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79422
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1543
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81785
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4301
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81775
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4305
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81780
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See X-Force 81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81782
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0430
CVSS Base Score: 6.9
CVSS Temporal Score: See X-Force 81787
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81794
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See X-Force 81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0436
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81771
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81753
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See X-Force 81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0439
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81772
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81758
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See X-Force 81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81781
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0447
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81773
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0448
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81796
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81789
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1472
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81774
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1474
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81779
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1477
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81776
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1479
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81765
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1482
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81777
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1483
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81778
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82179
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 82180
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See X-Force 81802
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)

CVEID: CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82515
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82514
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

AFFECTED PLATFORMS:
IBM WebSphere ILOG JRules V7.1.1 is affected on Windows system where a JDK is provided.
IBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision Manager V8.0 are affected on all distributed platforms.

REMEDIATION:
Apply the fixes described below

FIX
For IBM WebSphere ILOG JRules V7.1.1.x an interim fix for APAR RS01283 is available from IBM Fix Central: 7.1.1.5-WS-BRMS_JDK-WIN-IF018
For IBM WebSphere Operational Decision Manager v7.5 a fix pack for APAR RS01283 is available from IBM Fix Central: Fix Pack 7.5.0.4
APAR RS01283 is targeted for availability in IBM Operational Decision Manager V8.0.1.1

MITIGATION:
none known

WORKAROUND:
None known; apply fixes

REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)

CHANGE HISTORY:
29 Apr 2013: Original Copy

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response."

IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY

Cross reference information

Segment:    Business Integration
Product:    WebSphere ILOG JRules
Component:  Maintenance
Platform:   Windows
Version:    7.1.1
Edition:

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
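
The bulletin gives each CVE a CVSS v2 base score and a vector and points to the CVSS guide for evaluating them. The following added example (not part of the IBM or AusCERT text) recomputes the base score from each vector with the CVSS v2 equations and flags records whose listed score and vector disagree or whose vector cannot be parsed. The names `base_score` and `audit` are hypothetical, and the sample records are copied from the bulletin above.

```python
import re

# CVSS v2 metric weights from the CVSS v2 guide the bulletin references.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}

# One record: CVE id, listed base score, vector. Tolerates both layouts in the
# bulletin ("Base Score 7.5" / "Base Score: 10", "Vector(" / "Vector: (").
RECORD = re.compile(
    r"CVEID:\s*(CVE-\d{4}-\d+)\s+CVSS Base Score:?\s*([\d.]+)"
    r".*?CVSS Vector:?\s*\(+([^)]*)\)",
    re.S,
)

# Records copied from the bulletin text (line breaks added for width).
SAMPLE = """
CVEID: CVE-2012-3159 CVSS Base Score 7.5 CVSS Temporal Score: See X-Force 79424
CVSS Environmental Score undefined CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2012-5076 CVSS Base Score 9.3 CVSS Temporal Score: See X-Force 79418
CVSS Environmental Score undefined CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5083 CVSS Base Score 10 CVSS Temporal Score: See X-Force 79412
CVSS Environmental Score undefined CVSS Vector ((AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0442 CVSS Base Score: 10 CVSS Temporal Score: See X-Force 81755
CVSS Environmental Score*: Undefined CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1489 CVSS Base Score: 0 CVSS Temporal Score: See X-Force 81802
CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)
"""

def base_score(vector):
    """Return the CVSS v2 base score, or None if the vector is malformed."""
    try:
        metrics = dict(part.split(":", 1) for part in vector.split("/"))
        w = {name: table[metrics[name]] for name, table in WEIGHTS.items()}
    except (KeyError, ValueError):
        return None
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)

def audit(text):
    """Return {cve: (listed, computed, status)} for each record in text."""
    results = {}
    for cve, listed, vector in RECORD.findall(text):
        computed = base_score(vector)
        if computed is None:
            status = "bad-vector"      # e.g. a metric with no value
        elif abs(computed - float(listed)) > 0.05:
            status = "mismatch"        # listed score and vector disagree
        else:
            status = "ok"
        results[cve] = (float(listed), computed, status)
    return results

if __name__ == "__main__":
    for cve, row in audit(SAMPLE).items():
        print(cve, *row)
```

A `mismatch` or `bad-vector` row does not say which field is wrong; check the record against the linked X-Force entry before using it to set patch priority.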