Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0

Flash (Alert)


Abstract

IBM Java Runtime Environment 6.0 SR 13 release containing multiple fixes for CVEs covered in Oracle's Critical Patch Update release of October (2012), January 13, February 1 and February 19 releases (2013) contained in JDK 6.0 SR 10 and earlier

Content

VULNERABILITY DETAILS

CVE ID: CVE-2012-3159,CVE-2012-3216,CVE-2012-5068,CVE-2012-3143,CVE-2012-3143,CVE-2012-5073,CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,CVE-2012-1531,CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,CVE-2012-5071,CVE-2012-5084,CVE-2012-5079,CVE-2012-5089,CVE-2012-1541,CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,CVE-2013-0428,CVE-2013-0432,CVE-2013-0433,CVE-2013-0434,CVE-2013-0435,CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,CVE-2013-0445,CVE-2013-0446,CVE-2013-0450,CVE-2013-0809,CVE-2013-1473,CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,CVE-2013-1486,CVE-2013-1487,CVE-2013-1493

DESCRIPTION:

IBM WebSphere ILOG JRules and IBM Operational Decision Manager includes a JDK 6.0 SR 4 containing a number of security vulnerabilities listed below:



CVEID: CVE-2012-3159
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79424
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-3216
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79436
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5068
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79425
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5070
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79430
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5067
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79429
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-3143
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79419
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5076
CVSS Base Score 9.3
CVSS Temporal Score: See X-Force 79418
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5077
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79437
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5073
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79432
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5074
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79426
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5075
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79431
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5083
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79412
CVSS Environmental Score undefined
CVSS Vector ((AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5072
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79434
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-1531
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79413
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5081
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79435
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-1532
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79417
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1533
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79416
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5069
CVSS Base Score 5.8
CVSS Temporal Score: See X-Force 79428
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5071
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79427
CVSS Environmental Score undefined
CVSS Vector(AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5084
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79423
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5087
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79415
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5086
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79414
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5079
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79433
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5088
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79420
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5089
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79422
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1543
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81785
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4301
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81775
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4305
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81780
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See X-Force 81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81782
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0430
CVSS Base Score: 6.9
CVSS Temporal Score: See X-Force 81787
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81794
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See X-Force 81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0436
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81771
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81753
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See X-Force 81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0439
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81772
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81758
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See X-Force 81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81781
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0447
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81773
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0448
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81796
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81789
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1472
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81774
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1474
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81779
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1477
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81776
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1479
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81765
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1482
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81777
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1483
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81778
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82179
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 82180
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See X-Force 81802
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)

CVEID: CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82515
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82514
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


AFFECTED PLATFORMS:
IBM WebSphere ILOG JRules V7.1.1 is affected on Windows system where a JDK is provided.
IBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision Manager V8.0 are affected on all distributed platforms.

REMEDIATION:
Apply the fixes described below

FIX
For IBM WebSphere ILOG JRules V7.1.1.x an interim fix for APAR RS01283 is available from IBM Fix Central: 7.1.1.5-WS-BRMS_JDK-WIN-IF018

For IBM WebSphere Operational Decision Manager v7.5 a fix pack for APAR RS01283 is available from IBM Fix Central: Fix Pack 7.5.0.4

APAR RS01283 is targeted for availability in IBM Operational Decision Manager V8.0.1.1

MITIGATION:
none known

WORKAROUND:
None known; apply fixes

REFERENCES:
Complete CVSS Guide ( http://www.first.org/cvss/cvss-guide.html)
On-line Calculator V2 ( http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)


CHANGE HISTORY:
29 Apr 2013: Original Copy

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY


Cross reference information
Segment Product Component Platform Version Edition
Business Integration WebSphere ILOG JRules Maintenance Windows 7.1.1

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Operational Decision Manager
Maintenance

Software version:

7.5, 8.0.1

Operating system(s):

Platform Independent

Reference #:

1635864

Modified date:

2013-05-03

Translate my page

Machine Translation

Content navigation