IBM Support

Security Bulletin: CICS Deployment Assistant for z/OS 5.1

Flash (Alert)


Abstract

A security vulnerability may exist in the Java™ Runtime Environments (JREs) used on z/OS by CICS Deployment Assistant for z/OS (CICS DA) V5.1. You will need to evaluate your own usage of CICS DA to determine if you are vulnerable.


The content included here will also be available in an update to the CICS DA documentation.

Content

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and integrity using vectors related to Java Secure Socket Extension (JSSE).

CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)

AFFECTED PRODUCTS AND VERSIONS:

CICS Deployment Assistant for z/OS V5.1.

REMEDIATION:
Upgrade the JRE being used by CICS DA server. The recommended versions of the JRE to use are:

Java SDK 6.0.1 SR7-FP1
Java SDK 7 SR6-FP1 or 7R1 SR1
or later.

Updated JREs can be found under Products for Java Technology Edition.


Workaround(s):

None

Mitigation(s):
None

RELATED INFORMATION:
SYMBOL 183 \f "Symbol" \s 12 Complete CVSS Guide
SYMBOL 183 \f "Symbol" \s 12 On-line Calculator V2


Cross reference information
Segment Product Component Platform Version Edition
Host Transaction Processing CICS Transaction Server Security z/OS 5.1, 4.2, 4.1, 3.2, 3.1

Product Alias/Synonym

CICSDA CICS DA

Document information

More support for: CICS Deployment Assistant for z/OS
Security

Software version: 5.1

Operating system(s): z/OS

Reference #: 1671943

Modified date: 01 May 2014


Translate this page: