An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVE ID: CVE-2013-5780
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM DB2 Recovery Expert for Linux, UNIX, and Windows version 188.8.131.52 through 184.108.40.206
If you are using DB2 Recovery Expert V220.127.116.11, go to IBM Fix Central and download the latest interim fix, IF4.
If you are using any release of DB2 Recovery Expert prior to V18.104.22.168, you must remove the security vulnerability by replacing the IBM JRE that was installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM JRE.
Detailed instructions are provided in the technote “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”. See:
For further assistance contact IBM Technical Support.
Existing customers are recommended to upgrade.
WORKAROUND(S) & MITIGATION(S):