Security Bulletin: DB2 Recovery Expert for Linux, UNIX and Windows is affected by a vulnerability in IBM Java (CVE-2013-5780)
An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVE ID: CVE-2013-5780
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM DB2 Recovery Expert for Linux, UNIX, and Windows version 220.127.116.11 through 18.104.22.168
If you are using DB2 Recovery Expert V22.214.171.124, go to IBM Fix Central and download the latest interim fix, IF4.
If you are using any release of DB2 Recovery Expert prior to V126.96.36.199, to remove the security vulnerability, you must replace the IBM JRE that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM JRE.
Detailed instructions are provided in the technote “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”. See:
For further assistance contact IBM Technical Support.
Existing customers are advised to upgrade.
WORKAROUND(S) & MITIGATION(S):
DB2 Recovery Expert for Linux, UNIX and Windows
Software version: 3.1.0, 4.1.0
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1663589
Modified date: 14 September 2015