Potential security vulnerabilities with JavaTM SDKs

Flash (Alert)


Abstract

Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.

Content

VULNERABILITY DETAILS:
Customers who have Java based applications, such as Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, SmartCloud Control Desk, Intelligent Building Management, or TRIRIGA for Energy Optimization are potentially impacted by these vulnerabilities, which can cause issues related to confidentiality, integrity, and availability. For additional information including the most current description and CVSS for each vulnerability, please refer to developerWorks JavaTM Technology Security Alerts.

CVE ID DESCRIPTION
CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See http:/xforce.iss.net/xforce/xfdb/81761
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment
CVE-2012-3174
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81200
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors
CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81769
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting
CVE-2012-3342
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78334
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment
CVE-2013-0169
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74380
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets
CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81786
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81793
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81783
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0422
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81117
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code by (1) using public methods to obtain a reference to a private object, then retrieving arbitrary Class references, and (2) using the Reflection API with recursion in a way that bypasses a security check
CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81784
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81798
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via vectors related to RMI
CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81766
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81767
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81795
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81768
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81782
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component in allows remote attackers to affect confidentiality via vectors related to CORBA
CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81794
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX
CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81788
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to AWT
CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81797
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Networking
CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81792
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAXP
CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81791
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAX-WS
CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81753
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81800
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment
CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81799
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Unspecified vulnerability in the JRE component allows remote attackers to affect availability via vectors related to JSSE
CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81758
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81755
CVSS Environmental Score*: Undefined
CVSS Vector: AV:/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81801
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to JSSE
CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81781
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans
CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81756
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT
CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81762
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81789
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment
CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81764
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82515
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code via unknown vectors
CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81790
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment
CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81759
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81760
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA
CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81754
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to JMX
CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81757
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D
CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81770
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound
CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82179
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82180
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries
CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82178
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82177
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment
CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81802
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:N
Unspecified vulnerability in the JRE component allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user
CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82514
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
The color management (CMM) functionality in the 2D component allows remote attackers to execute arbitrary code or cause a denial of service via an image with crafted raster parameters, which triggers an out-of-bounds read or memory corruption in the JVM

The developerWorks JavaTM Technology Security Alerts includes a link to Oracle's February 2013 Critical Patch Update and March 2013 Security Alert.

VERSIONS AFFECTED:

The following Oracle Java versions, which are not IBM products, are affected:
· Java SE JDK and JRE Version 7 Update 7 and earlier***

· Java SE JDK and JRE Version 6 Update 35 and earlier

· Java SEJDK and JRE Version 5 Update 36 and earlier

· Java SE JDK and JRE Version 1.4.2_38 and earlier


The following IBM Java versions are affected:
· IBM SDK Java Technology Edition Version 7***

· IBM SDK Java Technology Edition Version 6

· IBM SDK Java Technology Edition Version 5

· IBM SDK Java Technology Edition Version 1.4.2

IBM supplied the Java Runtime Environment (JRE) from the IBM SDK Java Technology Edition Versions with the following:

The 6.x versions of Maximo Asset Management, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, and Maximo Service Desk bundled the JRE from IBM SDK Java Technology Edition Version 1.4.2.

The 7.1.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java Technology Edition Version 5.

The 7.2.x versions of Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java Technology Edition Version 5.

The 7.5.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, and SmartCloud Control Desk bundled the JRE from IBM SDK Java Technology Edition Version 6.

Intelligent Building Management 1.1.x and TRIRIGA for Energy Optimization 1.2.x bundled the JRE from IBM SDK Java Technology Edition Version 6.

It is likely that earlier versions of affected products are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities.

***Please note that the versions of the IBM products listed above do not bundle JRE Version 7 or IBM SDK Java Technology Edition Version 7; however, JRE Version 7 and IBM SDK Java Technology Edition Version 7 are listed here because JRE Version 7 is relatively prevalent on the browser and therefore can potentially impact access to these IBM product versions.

REMEDIATION:

Fix:
There are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation:
1. Application Server – Update the Websphere Application Server. Refer to JDK Fixes for Websphere Application Server for additional information on updating and maintaining the JDK component within Websphere. Customers with Oracle Weblogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server.
2. Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on developerWorks JavaTM Technology Security Alerts or referenced on Oracle’s latest Critical Patch Update (which can be accessed via developerWorks JavaTM Technology Security Alerts). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest Maximo Asset Management Scheduler Interim Fix for Version 7.1 or the latest Maximo Asset Management Fix Pack for Version 7.5, which includes the resolution for APAR IV11560.

Due to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.

Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.

Mitigation:
None Known


REFERENCES:

Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database
CVE-2012-1541 - http:/xforce.iss.net/xforce/xfdb/81761
CVE-2012-3174 - http://xforce.iss.net/xforce/xfdb/81200
CVE-2012-3213 - http://xforce.iss.net/xforce/xfdb/81769
CVE-2012-3342 - http://xforce.iss.net/xforce/xfdb/78334
CVE-2013-0169 - http://xforce.iss.net/xforce/xfdb/74380
CVE-2013-0351 - http://xforce.iss.net/xforce/xfdb/81786
CVE-2013-0409 - http://xforce.iss.net/xforce/xfdb/81793
CVE-2013-0419 - http://xforce.iss.net/xforce/xfdb/81783
CVE-2013-0422 - http://xforce.iss.net/xforce/xfdb/81117
CVE-2013-0423 - http://xforce.iss.net/xforce/xfdb/81784
CVE-2013-0424 - http://xforce.iss.net/xforce/xfdb/81798
CVE-2013-0425 - http://xforce.iss.net/xforce/xfdb/81766
CVE-2013-0426 - http://xforce.iss.net/xforce/xfdb/81767
CVE-2013-0427 - http://xforce.iss.net/xforce/xfdb/81795
CVE-2013-0428 - http://xforce.iss.net/xforce/xfdb/81768
CVE-2013-0429 - http://xforce.iss.net/xforce/xfdb/81782
CVE-2013-0431 - http://xforce.iss.net/xforce/xfdb/81794
CVE-2013-0432 - http://xforce.iss.net/xforce/xfdb/81788
CVE-2013-0433 - http://xforce.iss.net/xforce/xfdb/81797
CVE-2013-0434 - http://xforce.iss.net/xforce/xfdb/81792
CVE-2013-0435 - http://xforce.iss.net/xforce/xfdb/81791
CVE-2013-0437 - http://xforce.iss.net/xforce/xfdb/81753
CVE-2013-0438 - http://xforce.iss.net/xforce/xfdb/81800
CVE-2013-0440 - http://xforce.iss.net/xforce/xfdb/81799
CVE-2013-0441 - http://xforce.iss.net/xforce/xfdb/81758
CVE-2013-0442 - http://xforce.iss.net/xforce/xfdb/81755
CVE-2013-0443 - http://xforce.iss.net/xforce/xfdb/81801
CVE-2013-0444 - http://xforce.iss.net/xforce/xfdb/81781
CVE-2013-0445 - http://xforce.iss.net/xforce/xfdb/81756
CVE-2013-0446 - http://xforce.iss.net/xforce/xfdb/81762
CVE-2013-0449 - http://xforce.iss.net/xforce/xfdb/81789
CVE-2013-0450 - http://xforce.iss.net/xforce/xfdb/81764
CVE-2013-0809 - http://xforce.iss.net/xforce/xfdb/82515
CVE-2013-1473 - http://xforce.iss.net/xforce/xfdb/81790
CVE-2013-1475 - http://xforce.iss.net/xforce/xfdb/81759
CVE-2013-1476 - http://xforce.iss.net/xforce/xfdb/81760
CVE-2013-1478 - http://xforce.iss.net/xforce/xfdb/81754
CVE-2013-1480 - http://xforce.iss.net/xforce/xfdb/81757
CVE-2013-1481 - http://xforce.iss.net/xforce/xfdb/81770
CVE-2013-1484 - http://xforce.iss.net/xforce/xfdb/82179
CVE-2013-1485 - http://xforce.iss.net/xforce/xfdb/82180
CVE-2013-1486 - http://xforce.iss.net/xforce/xfdb/82178
CVE-2013-1487 - http://xforce.iss.net/xforce/xfdb/82177
CVE-2013-1489 - http://xforce.iss.net/xforce/xfdb/81802
CVE-2013-1493 - http://xforce.iss.net/xforce/xfdb/82514

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note:
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Change History
2 Apr 2013 Flash published

CROSS REFERENCE INFORMATION:

Segment Product Component/Platform Version
Systems and Asset Management Maximo Asset Management All 6.2.0 – 6.2.8
7.1.1.0 – 7.1.1.10
7.5.0.0 – 7.5.0.3
Systems and Asset Management Maximo Asset Management Essentials All 7.1.1.0 – 7.1.1.10
7.5.0.0 – 7.5.0.3
Systems and Asset Management Maximo Asset Management for Energy Optimization All 7.1.0.0 – 7.1.1.0
Systems and Asset Management Maximo for Government All 6.1.0.0
7.1.0.0
Systems and Asset Management Maximo for Nuclear Power All 6.3.0
7.1.0.0 – 7.1.1.0
7.5.0.0 – 7.5.1.0
Systems and Asset Management Maximo for Transportation All 6.3.0
7.1.0.0 – 7.1.1.0
7.5.0.0
Systems and Asset Management Maximo for Life Sciences All 6.4.0 – 6.5.0
7.1.0.0 – 7.1.2.0
7.5.0.0
Systems and Asset Management Maximo for Oil and Gas All 6.3.0 – 6.4.0
7.1.0.0 – 7.1.2.0
7.5.0.0 – 7.5.1.0
Systems and Asset Management Maximo for Utilities All 6.3.0
7.1.0.0 – 7.1.2.0
7.5.0.0
Systems and Asset Management Tivoli Service Request Manager

Maximo Service Desk
All 7.1.0.0 – 7.1.1.10
7.2.0.0 – 7.2.1.3
6.2.0 – 6.2.8
Systems and Asset Management Tivoli Asset Management for IT All 6.2.0 – 6.2.8
7.1.0.0 – 7.1.1.10
7.2.0.0 – 7.2.2.1
Systems and Asset Management Change and Configuration Management Database All 7.1.0.0 – 7.1.1.10
7.2.0.0 – 7.2.1.2
Systems and Asset Management Intelligent Building Management All 1.1.0.0
Systems and Asset Management TRIRIGA for Energy Optimization All 1.2.0.0
Systems and Asset Management SmartCloud Control Desk All 7.5.0.0 – 7.5.1.0


Cross reference information
Segment Product Component Platform Version Edition
Systems and Asset Management IBM Maximo Asset Management Essentials
Systems and Asset Management IBM Maximo Asset Management for Energy Optimization
Systems and Asset Management IBM Maximo for Government
Systems and Asset Management IBM Maximo for Nuclear Power
Systems and Asset Management IBM Maximo for Transportation
Systems and Asset Management IBM Maximo for Life Sciences
Systems and Asset Management IBM Maximo for Oil and Gas
Systems and Asset Management IBM Maximo for Utilities
Systems and Asset Management Tivoli Service Request Manager
Systems and Asset Management Tivoli Asset Management for IT
Systems and Asset Management Tivoli Change and Configuration Management Database
Systems and Asset Management IBM SmartCloud Control Desk
Systems and Asset Management IBM TRIRIGA Energy Optimization

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Maximo Asset Management

Software version:

6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1, 7.1.1, 7.1.2, 7.2, 7.2.1, 7.5

Operating system(s):

Platform Independent

Reference #:

1633170

Modified date:

2013-04-02

Translate my page

Machine Translation

Content navigation