You are here

V-178: IBM Data Studio Web Console Java Multiple Vulnerabilities

June 14, 2013 - 6:00am

Addthis

PROBLEM:

IBM has acknowledged a weakness and two vulnerabilities in IBM Data Studio

PLATFORM:

IBM Data Studio 3.x

ABSTRACT:

IBM Data Studio Web Console uses the IBM Java Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE

REFERENCE LINKS:

Secunia Advisory SA53778
IBM Flash Alert 1640533
CVE-2013-0169
CVE-2013-0440
CVE-2013-0443

IMPACT ASSESSMENT:

High

DISCUSSION:

An unspecified vulnerability within the JSSE component could allow:

1) A remote attacker to cause a denial of service

2) To statistically observe the time necessary to generate/receive error messages and deduce the plaintext after a relatively small number of decryption operations

IMPACT:

Manipulation of data
Exposure of sensitive information
DoS

SOLUTION:

Vendor recommends Upgrading to version 4.1

Addthis