===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2305
           Multiple vulnerabilities in IBM Java SDK and IBM Java
                Runtime affect Rational Performance Tester
                               26 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Performance Tester
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10245  

Reference:         ESB-2019.2266
                   ESB-2019.2260
                   ESB-2019.2254
                   ESB-2019.2201
                   ESB-2019.2038
                   ESB-2019.2008

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10956599

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational
Performance Tester

Product:             Rational Performance Tester
Software version:    8.6, 8.7, 9.0, 9.1, 9.2, 9.5
Operating system(s): AIX, Linux, Windows
Reference #:         0956599

Security Bulletin

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version
8 and IBM Runtime Environment Java Version 8 used by Rational Performance
Tester. Rational Performance Tester has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-10245
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused by the
execution of a method past the end of bytecode array by the Java bytecode
verifier. A remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Rational Performance Tester versions 8.6, 8.7, 9.0, 9.1, 9.2 and 9.5.

Remediation/Fixes

+-------+----+----+-----------------------------------------------------------+
|Product|VRMF|APAR|                   Remediation/First Fix                   |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |9.5 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |9.2 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |9.1 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |9.0 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |8.7 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+
|       |    |    |Download                                                   |
|RPT    |8.6 |None|http://www.ibm.com/support/fixcentral/quickorderproduct=  |
|       |    |    |ibm%2FRational%2FRational+Performance+Tester&fixids=       |
|       |    |    |Rational-RPT-JavaPatch-Java8SR5FP35&source=SAR             |
+-------+----+----+-----------------------------------------------------------+

Workarounds and Mitigations

None.

Change History

28-June-2019 original version published.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================