CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE.
CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE
CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVE(s): CVE-2013-0440 CVE-2013-0443 and CVE-2013-0169
Affected product(s) and affected version(s):
QRadar SIEM and QRadar Risk Manager
7.1, 7.1MR1, 7.1MR2
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21637998
X-Force Database (http://xforce.iss.net/xforce/xfdb/81799)
X-Force Database (http://xforce.iss.net/xforce/xfdb/81801)
X-Force Database (http://xforce.iss.net/xforce/xfdb/81902)