Flash (Alert)
Abstract
This Alert is meant to inform you of potential security vulnerability issues that might occur if you are using the Oracle Java 7 updates reported in Oracle Security Alert for CVE-2013-0422 when using IBM Rational Change product.
Content
There is a vulnerability in Oracle Java SE for Java 7 Update 10 and earlier.
Refer to the following Oracle alert for further details:
Oracle Security Alert for CVE-2013-0422
This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user's desktop.
The Rational Change product does not contain the faulty component. However, if you have downloaded a vulnerable Oracle JRE and installed it into your workstation's browser, your workstation is vulnerable to takeover if you visit a compromised web site.
Note: The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.
Suggested actions include:
Apply fixes recommended by Oracle (see Oracle Security Alert for CVE-2013-0422)
Switch to another vendor's JRE.
Disable Java in your browser.
If you must use Java in your browser, avoid visiting untrusted web sites while Java is enabled.
References:
IBM Security Alert
Oracle Security Alert
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.