Security Bulletin: Multiple vulnerabilities in IBM DB2 Performance Expert and IBM InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2012-1720, CVE-2012-5081).

Flash (Alert)


Abstract

DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE.

Content

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-1720

DESCRIPTION:
An unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability through unknown vectors related to Networking.

CVSS:
CVSS Base Score: 3.7
CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/76250
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.1.1.1

This vulnerability affects these products only when running on Sun Solaris systems. All other supported platforms are unaffected.


REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

| Affected VRMF | Fix VRMF | APAR | Download URL |
|---|---|---|---|
| 4.1.0.1 through 4.1.1 | 4.1.1.1 | IC89834 | http://www-933.ibm.com/support/fixcentral/ |
| 5.1 through 5.1.1.1 | 5.1.1.1 | IC89844 | http://www-933.ibm.com/support/fixcentral/ |

For affected versions for which no fix is listed, contact IBM Software Support.


WORKAROUND(S):
None

MITIGATION(S):
None

VULNERABILITY DETAILS:

CVE ID:
CVE-2012-5081

DESCRIPTION:
Unspecified vulnerability allows remote attackers to affect availability related to JSSE.

CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/79435
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

AFFECTED PRODUCTS:
IBM DB2 Performance Expert for Multiplatforms 3.1 through 3.1.2
IBM DB2 Performance Expert for Linux, UNIX, and Windows 3.2 through 3.2.3
Optim Performance Manager for DB2 on Linux, UNIX, and Windows 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows 5.1 through 5.2

REMEDIATION:
To overcome the security vulnerability, you must upgrade the IBM JRE. To upgrade the IBM JRE, perform an upgrade installation to the next version or an APAR fix level that contains the fix.

| Affected VRMF | Fix VRMF | APAR | Download URL |
|---|---|---|---|
| 4.1.0.1 through 4.1.1 | 4.1.1.1 | IC89834 | http://www-933.ibm.com/support/fixcentral/ |
| 5.1 through 5.1.1.1 | 5.1.1.1 | IC89844 | http://www-933.ibm.com/support/fixcentral/ |
| 5.2 | 5.2 | IC89851 | http://www-933.ibm.com/support/fixcentral/ |

For affected versions for which no fix is listed, contact IBM Software Support.

WORKAROUND(S):
None

MITIGATION(S):
None

REFERENCES:
Complete CVSS Guide (www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/79435)
CVE-2012-5081 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)
X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/76250)
CVE-2012-1720 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081)


RELATED INFORMATION:
IBM Secure Engineering Web Portal (http://www-03.ibm.com/security/secure-engineering/)
IBM Product Security Incident Response Blog (https://www.ibm.com/blogs/PSIRT)

CHANGE HISTORY:
02/25/2013 Original Copy Published

Document information

More support for: InfoSphere Optim Performance Manager
Software version: 4.1, 5.1, 5.1.1, 5.1.1.1
Operating system(s): Solaris
Reference #: 1626504
Modified date: 2013-02-25
