Security Bulletin: IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum clients affected by vulnerability in IBM JRE (CVE-2011-3389)

Flash (Alert)


Abstract

IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum ships and uses a Java Runtime Environment (JRE). This alert addresses vulnerabilities in the IBM JRE using the Secure Socket Layer (SSL) protocol.

Content


VULNERABILITY DETAILS:

CVE IDs: CVE-2011-3389

DESCRIPTION: Although, this is not a direct IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum client exposure, the affected JRE has been updated to Java 1.6.0 SR11 which remediates this type of threat.

    AFFECTED PRODUCTS AND VERSIONS:
    IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum, version 6.3.2.

    REMEDIATION:
    The following maintenance has been delivered to remedy the potential vulnerabilities described in this alert. This maintenance release upgrades the JRE to Java 1.6.0 SR11 on Windows(R)and Linux(R) platforms.
    Fix* VRMF APAR How to acquire fix
    6.3.2.1-TIV-ITM_EM-SCH-IF0001 6.3.2.1 IV31240 http://www-01.ibm.com/support/docview.wss?uid=swg24033779
    None 6.3.2 None Upgrade to Interim Feature 01 and apply 6.3.2.1-TIV-ITM_EM-SCH-IF0001
    Workaround(s):
    None.

Mitigation(s):
None.


REFERENCES:
RELATED INFORMATION: None.


ACKNOWLEDGEMENT: None.


CHANGE HISTORY
November 26, 2012 Advisory Flash Created

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Monitoring for Energy Management
Schneider Electric Andover Continuum Agent

Software version:

6.3.2.1

Operating system(s):

Linux, Windows

Reference #:

1616815

Modified date:

2014-10-06

Translate my page

Machine Translation

Content navigation