IBM Rational System Architect Security Vulnerability: Multiple security vulnerabilities in IBM JRE 6 (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CV

Flash (Alert)


Abstract

Rational System Architect ships with an IBM Java runtime that is based on Oracle Java. Oracle released its October 2012 Critical Patch Update (CPU), which contains security vulnerability fixes, and IBM Java is affected.

Content

Vulnerability details

CVE IDs: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089

Description
All versions of Rational System Architect prior to version 11.4.2.2 are potentially vulnerable to the issues on this list. Rational System Architect 11.4.2.2 contains an updated IBM Java that incorporates the fixes for these issues.

CVEID: CVE-2012-1531
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79413 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1532
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1533
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3143
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3159
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79424 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-3216
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79436 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5068
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79425 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5069
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79428 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5071
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79427 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5072
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79329 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5073
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79432 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5075
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79431 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5079
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79433 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5081
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79435 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-5083
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79412 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5084
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79423 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5089
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79422 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
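
The base scores listed above follow from the CVSS v2 vectors, so they can be re-derived and cross-checked during triage. The following is an added example, not part of the IBM bulletin or any IBM tooling: it applies the CVSS v2 base equations to the vectors transcribed from this page; the names `ADVISORY`, `base_score`, `mismatches` and `high_severity`, and the 7.0 "High" cut-off, are choices made for this example.

```python
# Added example: CVSS v2 base equations applied to this bulletin's vectors.
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
}
# CVE -> (published base score, vector), transcribed from the list above.
ADVISORY = {
    "CVE-2012-1531": (10, "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    "CVE-2012-1532": (10, "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    "CVE-2012-1533": (10, "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    "CVE-2012-3143": (10, "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    "CVE-2012-3159": (7.5, "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    "CVE-2012-3216": (2.6, "AV:N/AC:H/Au:N/C:P/I:N/A:N"),
    "CVE-2012-5068": (7.5, "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    "CVE-2012-5069": (5.8, "AV:N/AC:M/Au:N/C:P/I:P/A:N"),
    "CVE-2012-5071": (6.4, "AV:N/AC:L/Au:N/C:P/I:P/A:N"),
    "CVE-2012-5072": (5, "AV:N/AC:L/Au:N/C:P/I:N/A:N"),
    "CVE-2012-5073": (5, "AV:N/AC:L/Au:N/C:N/I:P/A:N"),
    "CVE-2012-5075": (5, "AV:N/AC:L/Au:N/C:P/I:N/A:N"),
    "CVE-2012-5079": (5, "AV:N/AC:L/Au:N/C:N/I:P/A:N"),
    "CVE-2012-5081": (5, "AV:N/AC:L/Au:N/C:N/I:N/A:P"),
    "CVE-2012-5083": (10, "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    "CVE-2012-5084": (7.6, "AV:N/AC:H/Au:N/C:C/I:C/A:C"),
    "CVE-2012-5089": (7.6, "AV:N/AC:H/Au:N/C:C/I:C/A:C"),
}

def base_score(vector):
    """Return the CVSS v2 base score for a vector like AV:N/AC:L/Au:N/C:C/I:C/A:C."""
    parts = dict(item.split(":", 1) for item in vector.strip("()").split("/"))
    if set(parts) != set(WEIGHTS) or any(v not in WEIGHTS[m] for m, v in parts.items()):
        raise ValueError(f"not a complete CVSS v2 base vector: {vector!r}")
    w = {metric: WEIGHTS[metric][value] for metric, value in parts.items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176  # a zero-impact vector scores 0
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)

def mismatches():
    """CVEs whose published base score differs from the recomputed one."""
    return [cve for cve, (pub, vec) in ADVISORY.items() if base_score(vec) != pub]

def high_severity(threshold=7.0):
    """CVEs at or above the threshold (7.0 = 'High' band, chosen for this example)."""
    return sorted(cve for cve, (_, vec) in ADVISORY.items() if base_score(vec) >= threshold)
```

An empty result from `mismatches()` confirms that every published base score on this page agrees with its vector.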

Affected versions
All versions of Rational System Architect prior to 11.4.2.2 are potentially vulnerable.

Remediation
Upgrade to Rational System Architect 11.4.2.2, which contains the updated IBM Java. The Rational System Architect 11.4.2.2 installer and the optional installers are available on Fix Central. For more information and to download the installers, go to http://www.ibm.com/support/docview.wss?uid=swg24034108

* The CVSS Environmental Score is specific to the customer environment and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Related information section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

REFERENCES:
Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)

CVE-2012-1531 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1531)
CVE-2012-1532 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1532)
CVE-2012-1533 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1533)
CVE-2012-3143 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3143)
CVE-2012-3159 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3159)
CVE-2012-3216 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3216)
CVE-2012-5068 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5068)
CVE-2012-5069 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5069)
CVE-2012-5071 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5071)
CVE-2012-5072 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5072)
CVE-2012-5073 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5073)
CVE-2012-5075 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5075)
CVE-2012-5079 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5079)
CVE-2012-5081 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5081)
CVE-2012-5083 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5083)
CVE-2012-5084 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5084)
CVE-2012-5089 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5089)

Document information

More support for: Rational System Architect
Software version: 11.0, 11.1, 11.2, 11.3, 11.3.1, 11.3.1.1, 11.3.1.2, 11.3.1.3, 11.3.1.4, 11.3.1.5, 11.4, 11.4.0.1, 11.4.0.2, 11.4.0.3, 11.4.1, 11.4.1.1, 11.4.1.2, 11.4.2, 11.4.2.1
Operating system(s): Windows
Reference #: 1620037
Modified date: 2012-12-21
