IBM Support

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Flashes (Alerts)


Abstract

This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracle's Critical Patch Update releases of April and June 2013.

Content

VULNERABILITY DETAILS

CVE ID: CVE-2013-0169,CVE-2013-0401,CVE-2013-1488,CVE-2013-1491,CVE-2013-1500,CVE-2013-1518,CVE-2013-1537,CVE-2013-1540,CVE-2013-1557,CVE-2013-1558,CVE-2013-1563,CVE-2013-1569,CVE-2013-1571,CVE-2013-2383,CVE-2013-2384,CVE-2013-2394,CVE-2013-2400,CVE-2013-2407,CVE-2013-2407,CVE-2013-2412,CVE-2013-2415,CVE-2013-2416,CVE-2013-2417,CVE-2013-2418,CVE-2013-2419,CVE-2013-2420,CVE-2013-2421,CVE-2013-2422,CVE-2013-2423,CVE-2013-2424,CVE-2013-2426,CVE-2013-2429,CVE-2013-2430,CVE-2013-2432,CVE-2013-2433,CVE-2013-2434,CVE-2013-2435,CVE-2013-2436,CVE-2013-2437,CVE-2013-2438,CVE-2013-2440,CVE-2013-2442,CVE-2013-2443,CVE-2013-2444,CVE-2013-2446,CVE-2013-2447,CVE-2013-2448,CVE-2013-2449,CVE-2013-2450,CVE-2013-2451,CVE-2013-2452,CVE-2013-2453,CVE-2013-2454,CVE-2013-2455,CVE-2013-2456,CVE-2013-2457,CVE-2013-2458,CVE-2013-2459,CVE-2013-2460,CVE-2013-2462,CVE-2013-2463,CVE-2013-2464,CVE-2013-2465,CVE-2013-2466,CVE-2013-2468,CVE-2013-2469,CVE-2013-2470,CVE-2013-2471,CVE-2013-2472,CVE-2013-2473,CVE-2013-3006,CVE-2013-3007,CVE-2013-3008,CVE-2013-3009,CVE-2013-3010,CVE-2013-3011,CVE-2013-3012,CVE-2013-3743,CVE-2013-3744,CVE-2013-4002

DESCRIPTION:

IBM WebSphere ILOG JRules v7.1, IBM WebSphere Operational Decision Management v7.5 and IBM Operational Decision Manager v8.0 are now shipped with IBM JRE 6.0 SR 14.

IBM Operational Decision Manager v8.5 is shipped with IBM JRE 7 SR 5.

The table below contains the list of security vulnerabilities addressed:





CVEID: CVE-2013-0401
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 82823
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0402
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 82822
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1488
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 82821
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1491
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 82820
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1500
CVSS Base Score: 3.6
CVSS Temporal Score See X-Force 85062
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-1518
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83566
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1537
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83571
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1540
CVSS Base Score: 4.3
CVSS Temporal Score See X-Force 83590
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1557
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83572
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1558
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83561
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1561
CVSS Base Score: 5
CVSS Temporal Score See X-Force 83583
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-1563
CVSS Base Score: 7.6
CVSS Temporal Score See X-Force 83579
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1564
CVSS Base Score: 5
CVSS Temporal Score See X-Force 83584
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-1569
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83557
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-1571
CVSS Base Score: 4.3
CVSS Temporal Score See X-Force 84715
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2383
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83555
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2384
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83556
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2394
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83576
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2400
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85050
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2407
CVSS Base Score: 6.4
CVSS Temporal Score See X-Force 85044
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVEID: CVE-2013-2412
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85059
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2414
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83567
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2415
CVSS Base Score: 2.1
CVSS Temporal Score See X-Force 83592
CVSS Environmental Score*: Undefined
CVSS Vector (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2416
CVSS Base Score: 4.3
CVSS Temporal Score See X-Force 83588
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2417
CVSS Base Score: 5
CVSS Temporal Score See X-Force 83586
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-2418
CVSS Base Score: 4.6
CVSS Temporal Score See X-Force 83587
CVSS Environmental Score*: Undefined
CVSS Vector (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-2419
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83581
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2420
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83560
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2421
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83573
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2422
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83570
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2423
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83591
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2424
CVSS Base Score: 5
CVSS Temporal Score See X-Force 83582
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2425
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83565
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2426
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83574
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2427
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83569
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2428
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83568
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2429
CVSS Base Score: 7.6
CVSS Temporal Score See X-Force 83578
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2430
CVSS Base Score: 7.6
CVSS Temporal Score See X-Force 83577
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2431
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83564
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2432
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83559
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2433
CVSS Base Score: 4.3
CVSS Temporal Score See X-Force 83589
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2434
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83558
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2435
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83563
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2436
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 83575
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2437
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85049
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2438
CVSS Base Score: 5
CVSS Temporal Score See X-Force 83585
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2439
CVSS Base Score: 6.9
CVSS Temporal Score See X-Force 83580
CVSS Environmental Score*: Undefined
CVSS Vector (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2440
CVSS Base Score: 10
CVSS Temporal Score See X-Force 83562
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2442
CVSS Base Score: 7.5
CVSS Temporal Score See X-Force 85041
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-2443
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85054
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2444
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85047
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-2445
CVSS Base Score: 7.8
CVSS Temporal Score See X-Force 85039
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2013-2446
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85048
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2447
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85056
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2448
CVSS Base Score: 7.6
CVSS Temporal Score See X-Force 85040
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2449
CVSS Base Score: 4.3
CVSS Temporal Score See X-Force 85060
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2450
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85057
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-2451
CVSS Base Score: 3.7
CVSS Temporal Score See X-Force 85061
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-2452
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85055
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2453
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85053
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2454
CVSS Base Score: 5.8
CVSS Temporal Score See X-Force 85045
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-2455
CVSS Base Score: 5
CVSS Temporal Score See X-Force 84146
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2456
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85058
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2013-2457
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85052
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-2458
CVSS Base Score: 5.8
CVSS Temporal Score See X-Force 85046
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2013-2459
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85033
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2460
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 85038
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2461
CVSS Base Score: 7.5
CVSS Temporal Score See X-Force 85042
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-2462
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 85037
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2463
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85029
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2464
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85030
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2465
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85031
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2466
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85035
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2467
CVSS Base Score: 6.9
CVSS Temporal Score See X-Force 85043
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2468
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85034
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2469
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85032
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2470
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85025
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2471
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85026
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2472
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85027
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-2473
CVSS Base Score: 10
CVSS Temporal Score See X-Force 85028
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3006
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84147
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3007
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84148
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3008
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84149
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3009
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84150
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3010
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84151
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3011
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84152
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3012
CVSS Base Score: 9.3
CVSS Temporal Score: See X-Force 84153
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3743
CVSS Base Score: 9.3
CVSS Temporal Score See X-Force 85036
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-3744
CVSS Base Score: 5
CVSS Temporal Score See X-Force 85051
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-4002
CVSS Base Score: 7.1
CVSS Temporal Score: See X-Force 85260
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)



*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


AFFECTED PLATFORMS:
IBM WebSphere ILOG JRules V7.1 is affected on Windows system where an IBM JRE is provided.
IBM WebSphere Operational Decision Management V7.5 and IBM Operational Decision Manager V8.0 and v8.5 are affected on all distributed platforms.

REMEDIATION:
Apply the fixes described below

FIX

For IBM WebSphere ILOG JRules V7.1 an interim fix for APAR RS01371 is available from IBM Fix Central: 7.1.1.5-WS-BRMS_JDK-WIN-IF024.

For IBM Operational Decision Manager interim fixes for APAR RS01371 are available on Fix Central:
  • v7.5 Interim Fix 31: 7.5.0.4-WS-ODM_JDK-<OS>-IF031
  • v8.0 Interim Fix 14: 8.0.1.1-WS-ODM_JDK-<OS>-IF014
  • v8.5 Interim Fix 6: 8.5.0.0-WS-ODM_JDK-<OS>-IF006

  • If you are using WebSphere ILOG JRules V7.0 we recommend upgrading to the latest version before End of Service in 2014. In case you need this update you can install the interim fix provided for JRules V7.1 to refresh the IBM JRE.

    MITIGATION:
    none known

    WORKAROUND:
    None known; apply fixes

    REFERENCES:
    Complete CVSS Guide (https://www.first.org/cvss/v2/guide)
    On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)


    CHANGE HISTORY:
    September 1 2013: Original Copy
    February 20 2016: fix broken link in CVSS guide

    Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY

    [{"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Maintenance","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5;8.0.1;7.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SS6MTS","label":"WebSphere ILOG JRules"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Maintenance","Platform":[{"code":"PF033","label":"Windows"}],"Version":"7.1.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

    Document Information

    Modified date:
    25 September 2022

    UID

    swg21647384