Security Bulletin: DB2 Recovery Expert for Linux, UNIX and Windows is affected by a vulnerability in IBM Java (CVE-2013-5780)

Flash (Alert)


Abstract

An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information.

Content

VULNERABILITY DETAILS:
CVE ID:
CVE-2013-5780

CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


AFFECTED PRODUCTS:


IBM DB2 Recovery Expert for Linux, UNIX, and Windows version 3.1.0.0 through 4.1.0.0


REMEDIATION:


If you are using DB2 Recovery Expert V4.1.0.0, go to IBM Fix Central and download the latest interim fix, IF4.

If you are using any release of DB2 Recovery Expert prior to V4.1.0.0, to remove the security vulnerability, you must replace the IBM JRE that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM JRE.
Detailed instructions are provided in the technote “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”. See:
http://www-01.ibm.com/support/docview.wss?uid=swg21644942

For further assistance contact IBM Technical Support.

VENDOR FIX:

Existing customers are recommended to upgrade.

WORKAROUND(S) & MITIGATION(S):

None



REFERENCES:

Complete CVSS Guide
On-line Calculator V2


RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


ACKNOWLEDGEMENT:

None


Document information


More support for:

DB2 Recovery Expert for Linux, UNIX and Windows

Software version:

3.1.0, 4.1.0

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1663589

Modified date:

2014-02-03
