IBM Support

Security Bulletin: DB2 Recovery Expert for Linux, UNIX and Windows is affected by a vulnerability in IBM Java (CVE-2013-5780)

Flashes (Alerts)


Abstract

An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information.

Content

VULNERABILITY DETAILS:
CVE ID:
CVE-2013-5780

CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88001
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)


AFFECTED PRODUCTS:


IBM DB2 Recovery Expert for Linux, UNIX, and Windows version 3.1.0.0 through 4.1.0.0


REMEDIATION:


If you are using DB2 Recovery Expert V4.1.0.0, go to IBM Fix Central and download the latest interim fix, IF4.

If you are using any release of DB2 Recovery Expert prior to V4.1.0.0, to remove the security vulnerability, you must replace the IBM JRE that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM JRE.
Detailed instructions are provided in the technote “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”. See:
http://www-01.ibm.com/support/docview.wss?uid=swg21644942

For further assistance contact IBM Technical Support.

VENDOR FIX:

Existing customers are recommended to upgrade.

WORKAROUND(S) & MITIGATION(S):

None



REFERENCES:

Complete CVSS Guide
On-line Calculator V2


RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


ACKNOWLEDGEMENT:

None

[{"Product":{"code":"SS8QJD","label":"DB2 Recovery Expert for Linux, UNIX and Windows"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"4.1.0;3.1.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
25 September 2022

UID

swg21663589