Flashes (Alerts)
Abstract
An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information.
Content
VULNERABILITY DETAILS:
CVE ID: CVE-2013-5780
CVSS:
CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88001 CVSS Environmental Score*: Undefined CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N) |
AFFECTED PRODUCTS:
IBM DB2 Recovery Expert for Linux, UNIX, and Windows version 3.1.0.0 through 4.1.0.0
REMEDIATION:
If you are using DB2 Recovery Expert V4.1.0.0, go to IBM Fix Central and download the latest interim fix, IF4.
If you are using any release of DB2 Recovery Expert prior to V4.1.0.0, to remove the security vulnerability, you must replace the IBM JRE that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM JRE.
Detailed instructions are provided in the technote “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”. See:
http://www-01.ibm.com/support/docview.wss?uid=swg21644942
For further assistance contact IBM Technical Support.
VENDOR FIX:
Existing customers are recommended to upgrade.
WORKAROUND(S) & MITIGATION(S):
None
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT:
None
[{"Product":{"code":"SS8QJD","label":"DB2 Recovery Expert for Linux, UNIX and Windows"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"4.1.0;3.1.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21663589