Skip to main content

Security Bulletin: Potential security vulnerabilities in Rational Host On-Demand products for the Oracle October 2012 CPU


Flash (Alert)


Abstract

IBM Rational Host On-Demand provides an IBM JRE that is based on the Oracle JRE as part of its server package for clients to download and install on client machines. There are vulnerabilities that can occur when the affected JRE is installed as the system JRE. Oracle has released October 2012 critical patch updates (CPU) which contain security vulnerability fixes and the IBM JRE that Rational Host On-Demand ships is affected.

Content

VULNERABILITY DETAILS


    AFFECTED PRODUCTS:
      IBM JRE shipped with Host On-Demand 11.0.0.0 through 11.0.6.1.
    REMEDIATION:
      Fix:
      Customers should download the Host On-Demand Version 11.0.7 release from Fix Central and update the existing Host On-Demand.

      Workaround(s): None

      Mitigation(s): None

REFERENCES
RELATED INFORMATION
ACKNOWLEDGEMENT
    None

CHANGE HISTORY
    6 March 2013: Original publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Cross reference information
Segment Product Component Platform Version Edition
Networking Rational Host On-Demand General Information AIX, HP-UX, HP Itanium, i5/OS, Linux, Linux iSeries, Linux on System z, Linux pSeries, OS/400, Solaris, Windows, z/OS 11.0, 11.0.1.0, 11.0.2.0, 11.0.3.0, 11.0.4.0, 11.0.5.0, 11.0.5.1, 11.0.6, 11.0.6.1

Rate this page:

(0 users)Average rating

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

Rate this page:


(0 users)Average rating

Add comments

Document information

Rational Host On-Demand

General Information

Software version:
11.0, 11.0.1.0, 11.0.2.0, 11.0.3.0, 11.0.4.0, 11.0.5.0, 11.0.5.1, 11.0.6, 11.0.6.1

Operating system(s):
AIX, HP Itanium, HP-UX, Linux, Linux iSeries, Linux on System z, Linux pSeries, OS/400, Solaris, Windows, i5/OS, z/OS

Reference #:
1625941

Modified date:
2013-03-06

Translate my page

Content navigation