IBM Support

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0

Abstract

The IBM Java Runtime Environment 6.0 SR 13 release contains multiple fixes for CVEs covered in Oracle's Critical Patch Update release of October 2012 and in the January 13, February 1 and February 19 releases of 2013; the vulnerabilities are contained in JDK 6.0 SR 10 and earlier.

Content

VULNERABILITY DETAILS

CVE ID: CVE-2012-3159, CVE-2012-3216, CVE-2012-5068, CVE-2012-3143, CVE-2012-5073, CVE-2012-5075, CVE-2012-5083, CVE-2012-5072, CVE-2012-1531, CVE-2012-5081, CVE-2012-1532, CVE-2012-1533, CVE-2012-5069, CVE-2012-5071, CVE-2012-5084, CVE-2012-5079, CVE-2012-5089, CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493

DESCRIPTION:

IBM WebSphere ILOG JRules and IBM Operational Decision Manager include a JDK 6.0 SR 4 that contains a number of security vulnerabilities, listed below:



CVEID: CVE-2012-3159
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79424
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-3216
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79436
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5068
CVSS Base Score 7.5
CVSS Temporal Score: See X-Force 79425
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5070
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79430
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5067
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79429
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-3143
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79419
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5076
CVSS Base Score 9.3
CVSS Temporal Score: See X-Force 79418
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5077
CVSS Base Score 2.6
CVSS Temporal Score: See X-Force 79437
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5073
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79432
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5074
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79426
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5075
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79431
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-5083
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79412
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5072
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79434
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2012-1531
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79413
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5081
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79435
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-1532
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79417
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1533
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79416
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5069
CVSS Base Score 5.8
CVSS Temporal Score: See X-Force 79428
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5071
CVSS Base Score 6.4
CVSS Temporal Score: See X-Force 79427
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2012-5084
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79423
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5087
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79415
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5086
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79414
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5079
CVSS Base Score 5
CVSS Temporal Score: See X-Force 79433
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-5088
CVSS Base Score 10
CVSS Temporal Score: See X-Force 79420
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-5089
CVSS Base Score 7.6
CVSS Temporal Score: See X-Force 79422
CVSS Environmental Score undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1541
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81761
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-1543
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81785
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-3213
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81769
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4301
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81775
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-4305
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81780
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0351
CVSS Base Score: 7.5
CVSS Temporal Score: See X-Force 81786
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-0409
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81793
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0419
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81783
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0423
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81784
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0424
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81798
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0425
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81766
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0426
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81767
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0427
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81795
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0428
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81768
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0429
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81782
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0430
CVSS Base Score: 6.9
CVSS Temporal Score: See X-Force 81787
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0431
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81794
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0432
CVSS Base Score: 6.4
CVSS Temporal Score: See X-Force 81788
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0433
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81797
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0434
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81792
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0435
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81791
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0436
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81771
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0437
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81753
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0438
CVSS Base Score: 4.3
CVSS Temporal Score: See X-Force 81800
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0439
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81772
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0440
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81799
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0441
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81758
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0442
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81755
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0443
CVSS Base Score: 4
CVSS Temporal Score: See X-Force 81801
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-0444
CVSS Base Score: 7.6
CVSS Temporal Score: See X-Force 81781
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0445
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81756
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0446
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81762
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0447
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81773
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0448
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81796
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-0449
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81789
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-0450
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81764
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1472
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81774
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1473
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 81790
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1474
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 81779
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1475
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81759
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1476
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81760
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1477
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81776
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1478
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81754
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1479
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81765
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1480
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81757
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1481
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81770
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1482
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81777
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1483
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 81778
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1484
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82179
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1485
CVSS Base Score: 5
CVSS Temporal Score: See X-Force 82180
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1486
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82178
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1487
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82177
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1489
CVSS Base Score: 0
CVSS Temporal Score: See X-Force 81802
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)

CVEID: CVE-2013-0809
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82515
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1493
CVSS Base Score: 10
CVSS Temporal Score: See X-Force 82514
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)


*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


AFFECTED PLATFORMS:
IBM WebSphere ILOG JRules V7.1.1 is affected on Windows systems where a JDK is provided.
IBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision Manager V8.0 are affected on all distributed platforms.

REMEDIATION:
Apply the fixes described below

FIX
For IBM WebSphere ILOG JRules V7.1.1.x an interim fix for APAR RS01283 is available from IBM Fix Central: 7.1.1.5-WS-BRMS_JDK-WIN-IF018

For IBM WebSphere Operational Decision Manager v7.5 a fix pack for APAR RS01283 is available from IBM Fix Central: Fix Pack 7.5.0.4

APAR RS01283 is targeted for availability in IBM Operational Decision Manager V8.0.1.1

MITIGATION:
None known

WORKAROUND:
None known; apply fixes

REFERENCES:
Complete CVSS Guide (https://www.first.org/cvss/v2/guide)
On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)


CHANGE HISTORY:
29 Apr 2013: Original Copy
20 Feb 2016: Fix broken link CVSS guide

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY

Document Information

Modified date: 25 September 2022

UID: swg21635864