IBM Support

Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE (CVE-2013-5809)

Flash (Alert)


Abstract

IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE. This vulnerability could allow a remote attacker to affect confidentiality, integrity, and availability by means of unknown vectors related to the Java 2D component.

Content

VULNERABILITY DETAILS:
CVEID: CVE-2013-5809
DESCRIPTION:
An unspecified vulnerability in the IBM Java JRE included with IBM Security SiteProtector allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Java 2D component.
The attack does not require local network access, authentication or specialized knowledge and techniques. An exploit can impact the confidentiality of information, the integrity of data, and accessibility of the system.

CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
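
The base score of 10 can be reproduced from the vector, and the environmental score that the bulletin leaves Undefined can be estimated per site. The Python below is an added example, not IBM code: it applies the CVSS v2 equations and weights published by FIRST to the bulletin's vector in standard notation, and assumes the temporal metrics are Not Defined because the bulletin defers the temporal score to X-Force.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification (FIRST).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
CDP = {"ND": 0.0, "N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5}
TD = {"ND": 1.0, "N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0}
REQ = {"ND": 1.0, "L": 0.5, "M": 1.0, "H": 1.51}
BASE_TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}

def round1(x):
    """Round half up to one decimal place, as the specification requires."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def parse_base_vector(vector):
    """Turn 'AV:N/AC:L/Au:N/C:C/I:C/A:C' into metric weights; reject bad input."""
    fields = dict(part.split(":", 1) for part in vector.strip("() ").split("/"))
    if set(fields) != set(BASE_TABLES):
        raise ValueError("expected exactly the six CVSS v2 base metrics")
    try:
        return {m: BASE_TABLES[m][v] for m, v in fields.items()}
    except KeyError as bad:
        raise ValueError(f"unknown metric value {bad}") from None

def _score(w, impact):
    """Base equation, shared by the base and the adjusted (environmental) score."""
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f = 0 if impact == 0 else 1.176
    return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f)

def base_score(vector):
    w = parse_base_vector(vector)
    return _score(w, 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])))

def environmental_score(vector, cdp="ND", td="ND", cr="ND", ir="ND", ar="ND"):
    """Environmental score; temporal metrics assumed Not Defined (weight 1.0)."""
    w = parse_base_vector(vector)
    adj_impact = min(10.0, 10.41 * (1 - (1 - w["C"] * REQ[cr])
                                    * (1 - w["I"] * REQ[ir])
                                    * (1 - w["A"] * REQ[ar])))
    adj_temporal = _score(w, adj_impact)
    return round1((adj_temporal + (10 - adj_temporal) * CDP[cdp]) * TD[td])

# The bulletin's vector in standard CVSS v2 notation.
BULLETIN_VECTOR = "(AV:N/AC:L/Au:N/C:C/I:C/A:C)"
```

For a constructed environment with low collateral damage potential, medium target distribution and a low availability requirement, `environmental_score(BULLETIN_VECTOR, cdp="L", td="M", ar="L")` gives 7.3 against the base score of 10.0.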

AFFECTED PRODUCTS AND VERSIONS:

IBM Security SiteProtector System: 2.9 and 3.0


REMEDIATION:

Apply the appropriate SiteProtector Core XPU:

For IBM Security SiteProtector System 2.9, apply ServicePack2_9_0_2.xpu

For IBM Security SiteProtector System 3.0, apply ServicePack3_0_0_2.xpu

Accomplish this by going to the "Agent View" in the SiteProtector Console and noting that the SiteProtector Core component is "out of date". Select that component, right-click, choose "Updates -> Apply XPU..." and follow the prompts.

These updates also are available from the IBM Security License Key and Download Center (login required):
https://ibmss.flexnetoperations.com


Workaround(s) & Mitigation(s):
None


REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2013-5809
https://exchange.xforce.ibmcloud.com/vulnerabilities/87962


RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT
None

CHANGE HISTORY

24 January 2014 Initial publication

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.




Document information

More support for: IBM Security SiteProtector System

Software version: 2.9, 3.0

Operating system(s): Windows

Reference #: 1662685

Modified date: 19 December 2014