IBM Support

Security Bulletin: Multiple vulnerabilities in IBM DB2 Performance Expert and IBM InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2012-1720, CVE-2012-5081).


Abstract

DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE.

Content

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-1720

DESCRIPTION:
An unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability through unknown vectors related to Networking.

CVSS:
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/76250 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.1.1.1

This vulnerability affects these products only when running on Sun Solaris systems. All other supported platforms are unaffected.


REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

Affected VRMF            Fix VRMF    APAR       Download URL
4.1.0.1 through 4.1.1    4.1.1.1     IC89834    http://www-933.ibm.com/support/fixcentral/
5.1 through 5.1.1.1      5.1.1.1     IC89844    http://www-933.ibm.com/support/fixcentral/

For affected versions for which no fix is listed, contact IBM Software Support.


WORKAROUND(S):
None

MITIGATION(S):
None

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-5081

DESCRIPTION:
Unspecified vulnerability allows remote attackers to affect availability related to JSSE.

CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79435 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.2

REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

Affected VRMF            Fix VRMF    APAR       Download URL
4.1.0.1 through 4.1.1    4.1.1.1     IC89834    http://www-933.ibm.com/support/fixcentral/
5.1 through 5.1.1.1      5.1.1.1     IC89844    http://www-933.ibm.com/support/fixcentral/
5.2                      5.2         IC89851    http://www-933.ibm.com/support/fixcentral/

For affected versions for which no fix is listed, contact IBM Software Support.

WORKAROUND(S):
None

MITIGATION(S):
None

REFERENCES:
CVSS Documentation (http://www.first.org/cvss)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
X-Force Vulnerability Database (https://exchange.xforce.ibmcloud.com/vulnerabilities/79435)
CVE-2012-5081 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)
X-Force Vulnerability Database (https://exchange.xforce.ibmcloud.com/vulnerabilities/76250)
CVE-2012-1720 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)


RELATED INFORMATION:
IBM Secure Engineering Web Portal (http://www-03.ibm.com/security/secure-engineering/)

IBM Product Security Incident Response Blog (https://www.ibm.com/blogs/psirt)

CHANGE HISTORY:
02/25/2013 Original Copy Published

Document Information

Modified date: 25 September 2022
UID: swg21626504