Security Bulletin: IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum clients affected by vulnerability in IBM JRE (CVE-2011-3389)
IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum ships and uses a Java Runtime Environment (JRE). This alert addresses vulnerabilities in the IBM JRE using the Secure Socket Layer (SSL) protocol.
CVE IDs: CVE-2011-3389
DESCRIPTION: Although, this is not a direct IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum client exposure, the affected JRE has been updated to Java 1.6.0 SR11 which remediates this type of threat.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/70069 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
For detailed information on all the vulnerabilities addressed in the Oracle June 12 th 2012 CPU, refer to the following link:
IBM Developerworks Java Security Alerts
AFFECTED PRODUCTS AND VERSIONS:
IBM Tivoli Monitoring for Energy Management Agent for Schneider Electric Andover Continuum, version 6.3.2.
The following maintenance has been delivered to remedy the potential vulnerabilities described in this alert. This maintenance release upgrades the JRE to Java 1.6.0 SR11 on Windows(R)and Linux(R) platforms.
|Fix*||VRMF||APAR||How to acquire fix|
|None||6.3.2||None||Upgrade to Interim Feature 01 and apply 188.8.131.52-TIV-ITM_EM-SCH-IF0001|
- Complete CVSS Guide
- On-line Calculator V2
- X-Force Vulnerability Database http://xforce.iss.net/xforce/xfdb/70069
RELATED INFORMATION: None.
November 26, 2012 Advisory Flash Created
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
More support for:
Tivoli Monitoring for Energy Management
Schneider Electric Andover Continuum Agent
Software version: 184.108.40.206
Operating system(s): Linux, Windows
Reference #: 1616815
Modified date: 19 August 2015