IBM Support

Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management – Java CPU Feb 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)


Abstract

Multiple security vulnerabilities exist in the IBM Java SDK shipped with IBM WebSphere Application Server that affect IBM InfoSphere Master Data Management versions 10.0.0, 10.1.0, and 11.0.0.

Content

VULNERABILITY DETAILS:

CVE-2013-0440 - Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2013-0443 - Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVE-2013-0169 - The TLS protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81902
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


AFFECTED PRODUCTS:

IBM InfoSphere Master Data Management Reference Data Management Hub versions 10.0.0.0, 10.1.0.0, 11.0.0.0


REMEDIATION:

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v10.0.0 using IBM WebSphere Application Server V7.0.0.0 through 7.0.0.27:
o Apply Interim Fix PM80757: This will upgrade your system to SDK 6 SR13 +IV36426+IV37419+IV37656+IV38029

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v10.1.0 using IBM WebSphere Application Server V8.0.0.0 through 8.0.0.5:
o Apply Interim Fix PM80758: This will upgrade your system to SDK 6 (J9 2.6) SR5 +IV36426+IV37419+IV37656+IV38029

· For IBM InfoSphere Master Data Management Reference Data Management Hub version v11.0.0.0 using IBM WebSphere Application Server V8.5.0.2:
o Apply Interim Fix PM86919: This will upgrade your system to SDK 6 (J9 2.6) SR5 +IV36426+IV37419+IV37656+IV38029

VENDOR FIX(ES)

Fix* | VRMF | TDS Remote Code Vulnerability APAR | Download URL
7.0.0.0-WS-WASJavaSDK-<Platform>-IFPM80757 | 7.0.0.0 | PM80757 | http://www-01.ibm.com/support/docview.wss?uid=swg24034443
8.0.0.0-WS-WASJavaSDK-<Platform>-IFPM80758 | 8.0.0.0 | PM80758 | http://www-01.ibm.com/support/docview.wss?uid=swg24034447
8.5.0.0-WS-WASJavaSDK-<Platform>-IFPM86919 | 8.5.0.0 | PM86919 | http://www-01.ibm.com/support/docview.wss?uid=swg24034798


WORKAROUND(S):
· None known; apply the fixes.

MITIGATION(S):
· None known


REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2013-0440, https://exchange.xforce.ibmcloud.com/vulnerabilities/81799
· CVE-2013-0443, https://exchange.xforce.ibmcloud.com/vulnerabilities/81801
· CVE-2013-0169, https://exchange.xforce.ibmcloud.com/vulnerabilities/81902


Document Information

Modified date:
25 September 2022

UID

swg21640795