This alert informs you of a potential security vulnerability that may affect you if you use IBM Rational Host On-Demand with the Oracle Java 7 updates covered by Oracle Security Alert for CVE-2013-0422.
There is a vulnerability in Oracle Java SE for Java 7 Update 10 and earlier.
Refer to the following Oracle alert for further details:
Oracle Security Alert for CVE-2013-0422
This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user's desktop.
The Host On-Demand product does not contain any of these faulty components. However, if you have downloaded a vulnerable Oracle JRE and installed it on your workstation to be active in your browser, your workstation is vulnerable to takeover if you visit a compromised web site.
Note: The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.
Suggested actions include:
- Avoid visiting untrusted web sites while Java is enabled.
- Use IBM JRE 6 SR 12, available on Fix Central:
  - For Windows clients: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Host+On-Demand&release=220.127.116.11&platform=Windows&function=all
  - For Linux clients: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Host+On-Demand&release=18.104.22.168&platform=Linux&function=all
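To check a workstation against the range this alert names (Oracle Java 7 Update 10 and earlier, with IBM JREs not affected), the following added example, which is not IBM or Oracle code, classifies the banner printed by `java -version`. The function names, result labels and sample banners are assumptions made for illustration, and the build identifiers in the samples are constructed.

```python
import re
import subprocess

# First line of `java -version`, e.g.: java version "1.7.0_10"
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def classify_java(version_output):
    """Classify `java -version` text against the alert's affected range."""
    match = VERSION_RE.search(version_output)
    if not match:
        return "unknown"
    if "IBM J9" in version_output:
        return "ibm-not-affected"      # the alert states IBM JREs are not vulnerable
    if "HotSpot" not in version_output:
        return "unknown"               # vendor the alert does not cover
    major = int(match.group(1))
    update = int(match.group(2) or 0)  # "1.7.0" with no suffix is the GA release
    if major == 7 and update <= 10:
        return "oracle-affected"       # Java 7 Update 10 and earlier
    return "oracle-outside-range"


def installed_java():
    """Classify the java found on PATH; its banner is written to stderr."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    return classify_java(proc.stderr)


# Constructed sample banners (hypothetical build identifiers).
ORACLE_7U10 = ('java version "1.7.0_10"\n'
               'Java(TM) SE Runtime Environment (build 1.7.0_10-b00)\n'
               'Java HotSpot(TM) Client VM (build 0.0-b00, mixed mode)\n')
ORACLE_7U11 = ORACLE_7U10.replace("1.7.0_10", "1.7.0_11")
ORACLE_7_GA = ORACLE_7U10.replace("1.7.0_10", "1.7.0")
IBM_6 = ('java version "1.6.0"\n'
         'Java(TM) SE Runtime Environment (build sample-sr12)\n'
         'IBM J9 VM (build 0.0, JRE 1.6.0 IBM J9 sample)\n')

if __name__ == "__main__":
    print("java on PATH:", installed_java())
```

The `java` found on PATH is not necessarily the JRE registered with the browser, so run the same check against the plug-in runtime's own `java` binary.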