Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0646
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG
JRules: Multiple security vulnerabilities in IBM JRE 6.0
8 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM WebSphere Operational Decision Manager
IBM WebSphere ILOG JRules
Publisher: IBM
Operating System: AIX
HP-UX
Linux variants
Solaris
Windows
z/OS
IBM i
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Delete Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1493 CVE-2013-1489 CVE-2013-1487
CVE-2013-1486 CVE-2013-1485 CVE-2013-1484
CVE-2013-1483 CVE-2013-1482 CVE-2013-1481
CVE-2013-1480 CVE-2013-1479 CVE-2013-1478
CVE-2013-1477 CVE-2013-1476 CVE-2013-1475
CVE-2013-1474 CVE-2013-1473 CVE-2013-1472
CVE-2013-0809 CVE-2013-0450 CVE-2013-0449
CVE-2013-0448 CVE-2013-0447 CVE-2013-0446
CVE-2013-0445 CVE-2013-0444 CVE-2013-0443
CVE-2013-0442 CVE-2013-0441 CVE-2013-0440
CVE-2013-0439 CVE-2013-0438 CVE-2013-0437
CVE-2013-0436 CVE-2013-0435 CVE-2013-0434
CVE-2013-0433 CVE-2013-0432 CVE-2013-0431
CVE-2013-0430 CVE-2013-0429 CVE-2013-0428
CVE-2013-0427 CVE-2013-0426 CVE-2013-0425
CVE-2013-0424 CVE-2013-0423 CVE-2013-0419
CVE-2013-0409 CVE-2013-0351 CVE-2012-5089
CVE-2012-5088 CVE-2012-5087 CVE-2012-5086
CVE-2012-5084 CVE-2012-5083 CVE-2012-5081
CVE-2012-5079 CVE-2012-5077 CVE-2012-5076
CVE-2012-5075 CVE-2012-5074 CVE-2012-5073
CVE-2012-5072 CVE-2012-5071 CVE-2012-5070
CVE-2012-5069 CVE-2012-5068 CVE-2012-5067
CVE-2012-4305 CVE-2012-4301 CVE-2012-3342
CVE-2012-3216 CVE-2012-3213 CVE-2012-3159
CVE-2012-3143 CVE-2012-1543 CVE-2012-1541
CVE-2012-1533 CVE-2012-1532 CVE-2012-1531
Reference: ASB-2013.0034
ASB-2013.0025
ASB-2013.0013
ASB-2012.0144
ASB-2012.0143
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21635864
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules:
Multiple security vulnerabilities in IBM JRE 6.0
Flash (Alert)
Document information
IBM Operational Decision Manager
Maintenance
Software version:
7.5, 8.0.1
Operating system(s):
Platform Independent
Reference #:
1635864
Modified date:
2013-05-03
Abstract
IBM Java Runtime Environment 6.0 SR 13 release containing multiple fixes for
CVEs covered in Oracle's Critical Patch Update release of October (2012),
January 13, February 1 and February 19 releases (2013) contained in JDK 6.0
SR 10 and earlier
Content
VULNERABILITY DETAILS
CVE ID: CVE-2012-3159,CVE-2012-3216,CVE-2012-5068,CVE-2012-3143,CVE-2012-3143,
CVE-2012-5073,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,
CVE-2012-1531,CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,
CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-5089,CVE-2012-1541,
CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,
CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,
CVE-2013-0428,CVE-2013-0432,CVE-2013-0433,CVE-2013-0434,CVE-2013-0435,
CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,
CVE-2013-0445,CVE-2013-0446,CVE-2013-0450,CVE-2013-0809,CVE-2013-1473,
CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,
CVE-2013-1486,CVE-2013-1487,CVE-2013-1493
DESCRIPTION:
IBM WebSphere ILOG JRules and IBM Operational Decision Manager includes a JDK
6.0 SR 4 containing a number of security vulnerabilities listed below:
CVEID: CVE-2012-3159
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79424
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2012-3216
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79436
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-5068
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79425
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2012-5070
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79430
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-5067
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79429
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-3143
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79419
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5076
CVSS Base Score 9.3
CVSS Temporal Score: See X-Force 79418
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5077
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79437
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-5073
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79432
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2012-5074
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79426
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVEID: CVE-2012-5075
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79431
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-5083
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79412
CVSS Environmental Score undefined
CVSS Vector ((AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5072
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79434
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2012-1531
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79413
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5081
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79435
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2012-1532
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79417
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-1533
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79416
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5069
CVSS Base Score 5.8
CVSS Temporal Score: See X-Force 79428
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVEID: CVE-2012-5071
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79427
CVSS Environmental Score undefined
CVSS Vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVEID: CVE-2012-5084
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79423
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5087
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79415
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5086
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79414
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5079
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79433
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2012-5088
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79420
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-5089
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79422
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-1543
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81785
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-4301
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81775
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2012-4305
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81780
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See X-Force 81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81782
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0430
CVSS Base Score: 6.9
CVSS Temporal Score: See X-Force 81787
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81794
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See X-Force 81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVEID: CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0436
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81771
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81753
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See X-Force 81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0439
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81772
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81758
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See X-Force 81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81781
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0447
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81773
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-0448
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81796
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81789
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1472
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81774
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-1474
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81779
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1477
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81776
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1479
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81765
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1482
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81777
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1483
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81778
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82179
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 82180
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See X-Force 81802
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)
CVEID: CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82515
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82514
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
AFFECTED PLATFORMS:
IBM WebSphere ILOG JRules V7.1.1 is affected on Windows system where a JDK is
provided.
IBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision
Manager V8.0 are affected on all distributed platforms.
REMEDIATION:
Apply the fixes described below
FIX
For IBM WebSphere ILOG JRules V7.1.1.x an interim fix for APAR RS01283 is
available from IBM Fix Central: 7.1.1.5-WS-BRMS_JDK-WIN-IF018
For IBM WebSphere Operational Decision Manager v7.5 a fix pack for APAR RS01283
is available from IBM Fix Central: Fix Pack 7.5.0.4
APAR RS01283 is targeted for availability in IBM Operational Decision Manager
V8.0.1.1
MITIGATION:
none known
WORKAROUND:
None known; apply fixes
REFERENCES:
Complete CVSS Guide ( http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 ( http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
CHANGE HISTORY:
29 Apr 2013: Original Copy
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY
Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere ILOG JRules Maintenance Windows 7.1.1
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines
Corp., registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at
www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUYm38+4yVqjM2NGpAQIgtRAApkQyDB9DjQ8AvdBnRi47EaPNu66PZ9I5
mK1nl9+P4vIGW71UP8K0+GJhKLZ65N85W2pt32QbloZUW4CZeoegoJSVCzP8aKid
TXyonm2nKZOAuDaXAORHysfYorTeKdqZbzRxpRZG2dPvA12vDanUQTZOjgpKkWvf
U1I1NbwMLtyq0VBfwOWxX1WYlXIxoalHzwckCAoWk0pUOKHaBwj94ZkY48rW4T+8
1rSqvbqCTpkmeGG/AaBGhwvi1nP82V+xgcXLSXk3wgGyE+4yP2oCvOodQURoZ0gl
sRjwbc2QqUqcqBNNHdWiJT2QEB9gvPwsY+K4aSwcCM7wZdkd25/1eotZiIVTvnGX
BqG1m9ojhH/BVa1Zszt2ZdxGNk4WDVzaQHHcr8NA3Z4sMKewA7ghW4l7xENixM+G
6XqRbixvm3xjJUMyu7i7w311r9NsFXVJCjTNZVYd2tU6J+gHWz48eAqNpv24yuA2
w0VH9jfl8exg4SDQMSYNrcw7AV6FipaICJi2CZt2ggs7T3h5PZJPcBznc0ZwyLqm
rDTd9eeuPvLjB9P0p7bGMRejv4l9ifiRWVbhLPF/cgzdcw+evMIuYZtSs5dyXlO7
7cZQ3lgwGM7fuuh9LqNTbonr/U54p7TPX2XPlTu/cLU1e0fBlwOGCl1XArLdE/9P
BbwQfC8aO1w=
=TtOL
-----END PGP SIGNATURE-----