This Alert is meant to inform you of potential security vulnerability issues that may occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Collaborative Lifecycle Management (CLM) products (Rational Quality Manager, Rational Team Concert and Rational Requirements Composer) .
There is a vulnerability in Oracle Java SE for Java 7 Update 10 and earlier.
Refer to the following Oracle alert for further details:
Oracle Security Alert for CVE-2013-0422
This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user's desktop.
The CLM products do not contain any of these faulty components. However, if you have downloaded a vulnerable Oracle JRE and installed it on your workstation to be active in your browser, your workstation is vulnerable to takeover if you visit a compromised web site.
Note: The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.
Suggested actions include:
- Apply fixes recommended by Oracle (see Oracle Security Alert for CVE-2013-0422)
- Switch to another vendor's JRE.
- Disable Java in your browser.
- If you must use Java in your browser, avoid visiting untrusted web sites while Java is enabled.
|Software Development||Rational Quality Manager||General Information|
|Software Development||Rational Requirements Composer||General Information|
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.