Security Bulletin: IBM IMS Enterprise Suite Explorer for Development affected by multiple vulnerabilities in the IBM JRE (CVE-2013-2419, CVE-2013-2394, CVE-2013-2383, CVE-2013-2384, CVE-2013-1569, CVE-2013-2434, CVE-2013-2432, CVE-2013-1491)

Flash (Alert)


Abstract

IMS Explorer for Development uses the IBM Java Runtime Environment (JRE) and is affected by multiple vulnerabilities in the JRE. These can be exploited by a user loading a maliciously crafted font into the system, and could result in arbitrary code execution or denial of service. See the links in the References section for a detailed description of each vulnerability.

Content

VULNERABILITY DETAILS:

CVE ID: CVE-2013-2419
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83581 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-2394
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2383
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83555 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2384
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83556 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2013-1569
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83557 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2434
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83558 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2432
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/83559 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1491
CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/82820 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)



AFFECTED PRODUCTS:
The stand alone version of IBM IMS Enterprise Suite Explorer for Development, V2.2.0.1 and earlier, is affected.


REMEDIATION:
The recommended solution is to upgrade the product to the latest version.


FIX:
The vulnerability fixes require upgrading the stand alone version of the product to version 2.2.0.2 or higher. Download the latest stand alone version of IMS Explorer for Development from https://www14.software.ibm.com/webapp/iwm/web/reg/pick.do?source=swg-imsentersuite&lang=en_US

WORKAROUND:
None known.

MITIGATION:
None known.

REFERENCES:
Complete CVSS Guide
http://xforce.iss.net/xforce/xfdb/83576
http://xforce.iss.net/xforce/xfdb/83555
http://xforce.iss.net/xforce/xfdb/83556
http://xforce.iss.net/xforce/xfdb/83557
http://xforce.iss.net/xforce/xfdb/83558
http://xforce.iss.net/xforce/xfdb/83559
http://xforce.iss.net/xforce/xfdb/82820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491

RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog








CHANGE HISTORY:
25 July 2013: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.



Document information

More support for: IMS Enterprise Suite, IMS Explorer for Development
Software version: 2.2
Operating system(s): Windows
Reference #: 1644961
Modified date: 2013-07-25
