-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Wed Dec 11 10:53:34 CST 2013
| Updated: Mon Feb 3 10:36:58 CST 2014
| Updated: Sections II and III modifications
| Updated: Includes VIOS

The most recent version of this document is available here:

https://aix.software.ibm.com/aix/efixes/security/java_advisory.asc
ftp://aix.software.ibm.com/aix/efixes/security/java_advisory.asc

===============================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:      Multiple vulnerabilities in current releases of the
                    IBM® SDK, Java Technology Edition.

PLATFORMS:          PowerSC and AIX 5.3, 6.1 and 7.1.
|                   VIOS 2.2.x

SOLUTION:           Apply the fix as described below.

THREAT:             Various threats described below.

CERT VU Number:     n/a

CVE Numbers:        CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041
                    CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789
                    CVE-2013-5830 CVE-2013-5829 CVE-2013-5787 CVE-2013-5788
                    CVE-2013-5824 CVE-2013-5842 CVE-2013-5782 CVE-2013-5817
                    CVE-2013-5809 CVE-2013-5814 CVE-2013-5832 CVE-2013-5850
                    CVE-2013-5838 CVE-2013-5802 CVE-2013-5812 CVE-2013-5804
                    CVE-2013-5783 CVE-2013-3829 CVE-2013-5823 CVE-2013-5831
                    CVE-2013-5820 CVE-2013-5819 CVE-2013-5818 CVE-2013-5848
                    CVE-2013-5776 CVE-2013-5774 CVE-2013-5825 CVE-2013-5840
                    CVE-2013-5801 CVE-2013-5778 CVE-2013-5851 CVE-2013-5800
                    CVE-2013-5784 CVE-2013-5849 CVE-2013-5790 CVE-2013-5780
                    CVE-2013-5797 CVE-2013-5803 CVE-2013-5772

|Reboot required?   NO
|Workarounds?       NO

===============================================================================
                           DETAILED INFORMATION

I. DESCRIPTION

    There are a number of vulnerabilities in the IBM SDK, Java Technology
    Edition that affect various components.

    CVE-2013-5456, CVE-2013-5457 and CVE-2013-5458 allow code running under a
    security manager to escalate its privileges by modifying or removing the
    security manager. CVE-2013-4041 and CVE-2013-5375 allow code running under
    a security manager to access restricted classes.
    These vulnerabilities could occur when untrusted code is executed under a
    security manager, or when the IBM SDK, Java Technology Edition has been
    associated with a web browser for running applets and Web Start
    applications.

    CVE-2013-5372 is a denial of service vulnerability which could result in a
    complete availability impact on the affected system.

    This bulletin also covers all applicable CVEs published by Oracle as part
    of their October 2013 Java SE Critical Patch Update. For more information
    please refer to Oracle's October 2013 Java SE CPU Advisory.

II. CVSS

    CVEID: CVE-2013-5456
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88255 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5457
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88256 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5458
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88257 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-4041
    CVSS Base Score: 6.8
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86416 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

    CVEID: CVE-2013-5375
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86901 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5372
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86662 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

    CVEID: CVE-2013-5843
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87971 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5789
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87968 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5830
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87961 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5829
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87963 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5787
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87967 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5788
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87966 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5824
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87965 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5842
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87970 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5782
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87960 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5817
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87969 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5809
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87962 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5814
    CVSS Base Score: 10
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87964 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5832
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87972 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5850
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87973 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5838
    CVSS Base Score: 9.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87974 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

    CVEID: CVE-2013-5802
    CVSS Base Score: 7.5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87982 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    CVEID: CVE-2013-5812
    CVSS Base Score: 6.4
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87985 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

    CVEID: CVE-2013-5804
    CVSS Base Score: 6.4
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87984 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

    CVEID: CVE-2013-5783
    CVSS Base Score: 6.4
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87987 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

    CVEID: CVE-2013-3829
    CVSS Base Score: 6.4
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87986 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

    CVEID: CVE-2013-5823
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87989 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    CVEID: CVE-2013-5831
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87995 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5820
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87996 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5819
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87994 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5818
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87993 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5848
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88000 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5776
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87992 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5774
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87999 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5825
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87988 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    CVEID: CVE-2013-5840
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87998 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5801
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87991 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5778
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87990 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5851
    CVSS Base Score: 5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87997 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5800
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88002 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5784
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88005 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

    CVEID: CVE-2013-5849
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88003 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5790
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88004 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5780
    CVSS Base Score: 4.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVEID: CVE-2013-5797
    CVSS Base Score: 3.5
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88006 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

    CVEID: CVE-2013-5803
    CVSS Base Score: 2.6
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88008 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)

    CVEID: CVE-2013-5772
    CVSS Base Score: 2.6
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88007 for the current score
    CVSS Environmental Score*: Undefined
    CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

| III. PLATFORM VULNERABILITY ASSESSMENT
|
|    To determine if your system is vulnerable, run the following commands
|    for the Java version on your system:
|
|    # lslpp -l | grep Java | grep sdk
|    # lslpp -l | grep Java | grep jre
|
|    The following fileset levels (VRMF) are vulnerable, if the respective
|    Java version is installed:
|
|    For Java5: Less than 5.0.0.560
|    For Java6: Less than 6.0.0.435
|    For Java7: Less than 7.0.0.110
|    Java7 Release 1: 7.1.0.000 is NOT vulnerable

IV. FIXES

    AFFECTED PRODUCTS AND VERSIONS:

        AIX 5.3
        AIX 6.1
        AIX 7.1
        PowerSC
|       VIOS 2.2.x

    REMEDIATION:

        IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16
        Fix Pack 4 and later
        32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j5b&S_TACT=105AGX05&S_CMP=JDK
        64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j5b&S_TACT=105AGX05&S_CMP=JDK

        IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 and
        later
        32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j6b&S_TACT=105AGX05&S_CMP=JDK
        64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j6b&S_TACT=105AGX05&S_CMP=JDK

        IBM SDK, Java Technology Edition, Version 7 Service Refresh 6 and
        later
        32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j7b&S_TACT=105AGX05&S_CMP=JDK
        64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j7b&S_TACT=105AGX05&S_CMP=JDK

    To learn more about AIX support levels and Java service releases, see
    the following:

        http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels

V. WORKAROUNDS

    None

VI. CONTACT INFORMATION

    If you would like to receive AIX Security Advisories via email, please
    visit:

        http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq

    Comments regarding the content of this announcement can be directed to:

        security-alert@austin.ibm.com

    To request the PGP public key that can be used to communicate securely
    with the AIX Security Team you can either:

        A. Send an email with "get key" in the subject line to:

            security-alert@austin.ibm.com

        B. Download the key from a PGP Public Key Server. The key ID is:

            0x28BFAA12

    Please contact your local IBM AIX support center for any assistance.

    eServer is a trademark of International Business Machines Corporation.
    IBM, AIX and pSeries are registered trademarks of International Business
    Machines Corporation. All other trademarks are property of their
    respective holders.

VII. REFERENCES:

    Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html
    On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
    CVE-2013-5456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456
    CVE-2013-5457: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457
    CVE-2013-5458: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458
    CVE-2013-4041: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041
    CVE-2013-5375: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375
    CVE-2013-5372: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372
    CVE-2013-5843: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
    CVE-2013-5789: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
    CVE-2013-5830: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
    CVE-2013-5829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
    CVE-2013-5787: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
    CVE-2013-5788: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788
    CVE-2013-5824: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
    CVE-2013-5842: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
    CVE-2013-5782: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
    CVE-2013-5817: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
    CVE-2013-5809: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
    CVE-2013-5814: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
    CVE-2013-5832: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
    CVE-2013-5850: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
    CVE-2013-5838: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
    CVE-2013-5802: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
    CVE-2013-5812: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
    CVE-2013-5804: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
    CVE-2013-5783: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
    CVE-2013-3829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
    CVE-2013-5823: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
    CVE-2013-5831: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
    CVE-2013-5820: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
    CVE-2013-5819: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
    CVE-2013-5818: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
    CVE-2013-5848: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
    CVE-2013-5776: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
    CVE-2013-5774: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
    CVE-2013-5825: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
    CVE-2013-5840: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
    CVE-2013-5801: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
    CVE-2013-5778: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
    CVE-2013-5851: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851
    CVE-2013-5800: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
    CVE-2013-5784: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
    CVE-2013-5849: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
    CVE-2013-5790: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
    CVE-2013-5780: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
    CVE-2013-5797: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
    CVE-2013-5803: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
    CVE-2013-5772: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772

    *The CVSS Environment Score is customer environment specific and will
    ultimately impact the Overall CVSS Score. Customers can evaluate the
    impact of this vulnerability in their environments by accessing the links
    in the Reference section of this Flash.

    Note: According to the Forum of Incident Response and Security Teams
    (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry
    open standard designed to convey vulnerability severity and help to
    determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES
    "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
    RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
    VULNERABILITY.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (AIX)

iEYEARECAAYFAlLvxe4ACgkQ4fmd+Ci/qhIyJwCghirbKIbzL2db7Xa9FO8OqgQE
6OsAni19Xm6ZmA0RHMjPG46p/4wk8p8D
=rWHF
-----END PGP SIGNATURE-----
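
The level check from Section III (PLATFORM VULNERABILITY ASSESSMENT), automated as an added example that is not part of IBM's advisory: it reads `lslpp -l` output and compares each Java sdk/jre fileset level field by field against the listed thresholds. The sample fileset lines are constructed, and choosing the threshold from the first VRMF field is an assumption of this example.

```shell
#!/bin/sh
# Added example: flag Java filesets below the fixed levels from Section III.

# vrmf_lt A B: succeed when VRMF A is numerically lower than VRMF B.
# Fields are compared as numbers, so 5.0.0.75 sorts below 5.0.0.560.
vrmf_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal levels are not "less than"
    }' < /dev/null
}

# fixed_level V: first non-vulnerable level for Java version V (Section III).
# Assumption: the first VRMF field identifies the Java version.
fixed_level() {
    case $1 in
        5) echo 5.0.0.560 ;;
        6) echo 6.0.0.435 ;;
        7) echo 7.0.0.110 ;;   # 7.1.0.000 (Java7 Release 1) compares above this
        *) return 1 ;;
    esac
}

# check_filesets: read `lslpp -l` output on stdin, print one verdict per fileset.
check_filesets() {
    grep Java | grep -E 'sdk|jre' | while read -r name level rest; do
        case $level in
            [0-9]*.[0-9]*.[0-9]*.[0-9]*) ;;
            *) continue ;;             # not a fileset line
        esac
        if ! fixed=$(fixed_level "${level%%.*}"); then
            echo "UNKNOWN $name $level"
        elif vrmf_lt "$level" "$fixed"; then
            echo "VULNERABLE $name $level (fixed in $fixed)"
        else
            echo "OK $name $level"
        fi
    done
}

# Constructed sample in the layout of `lslpp -l`; fileset names are illustrative.
sample_lslpp() {
    cat <<'EOF'
  Java5.sdk        5.0.0.75   COMMITTED  Java SDK 32-bit
  Java6_64.sdk     6.0.0.435  COMMITTED  Java SDK 64-bit
  Java7.jre        7.0.0.100  COMMITTED  Java SDK 32-bit
  Java71_64.sdk    7.1.0.0    COMMITTED  Java SDK 64-bit
EOF
}

# On AIX, replace sample_lslpp with: lslpp -l
sample_lslpp | check_filesets
```

A plain string comparison would rank 5.0.0.75 above 5.0.0.560 and miss that fileset, which is why each field is compared as a number.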