Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE (CVE-2013-5809)
IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE. This vulnerability could allow a remote attacker to affect confidentiality, integrity, and availability by means of unknown vectors related to the Java 2D component.
An unspecified vulnerability in the IBM Java JRE included with IBM Security SiteProtector allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Java 2D component.
The attack does not require local network access, authentication or specialized knowledge and techniques. An exploit can impact the confidentiality of information, the integrity of data, and accessibility of the system.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED PRODUCTS AND VERSIONS:
IBM Security SiteProtector System: 2.9 and 3.0
Apply the appropriate SiteProtector Core XPU:
For IBM Security SiteProtector System 2.9, apply ServicePack2_9_0_2.xpu
For IBM Security SiteProtector System 3.0, apply ServicePack3_0_0_2.xpu
Accomplish this by going to the "Agent View" in the SiteProtector Console and noting that the SiteProtector Core component is "out of date". Select that component, right-click, choose "Updates -> Apply XPU..." and follow the prompts.
These updates also are available from the IBM Security License Key and Download Center (login required):
Workaround(s) & Mitigation(s):
Complete CVSS Guide
On-line Calculator V2
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
24 January 2014: Initial publication
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.