Security Updates 2015 and earlier - Databridge

  • 7021901
  • 29-Jan-2013
  • 31-Mar-2018

Environment

Databridge version 6.1 or higher

Situation

This technical note describes security issues related to Databridge. If you rely on the security features of Databridge, you should consult this technical note on a regular basis for any updated information regarding these features.

Resolution

Other Useful Resources

Java and Databridge Products

The only component of Databridge that uses Java is the Databridge console, which is part of the Databridge client. It is possible (and common) to use the Databridge client from the command line, in which case you do not need to use the console. The other Databridge components (including Databridge host and Databridge Enterprise) do not use Java.

Security Alerts and Advisories

The following security alerts and advisories may affect your product installation, or the security of your operating system or network environment. We recommend that you review these alerts and advisories.

Note: This information is non-inclusive—it does not attempt to address all security issues that may affect your system.

IMPORTANT REMINDER: The security for all of the Attachmate products using the Attachmate security features depends upon the security of the operating system, host, and network environment. We strongly recommend that you evaluate and implement all relevant security service packs, updates, and patches recommended by your operating system, host, and network manufacturers. For more information, see KB 7021969.

Alert
Multiple Oracle JRE Vulnerabilities
Date Posted
May 2015
Summary
According to Oracle, to be successfully exploited, an unsuspecting user running an affected release in a browser needs to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. These vulnerabilities are not applicable to Java running on servers or within applications.
Product Status
Users running the Databridge client from the Databridge console are encouraged to download the most recent version of Java: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
Additional Information
Oracle lists the security vulnerabilities addressed by Oracle advisories (updates); see the mapping at http://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html.
Alert
OpenSSL "Heartbleed" Vulnerability CVE-2014-0160
Date Posted
April 2014
Summary
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
Product Status
Databridge products are not affected by this issue.
Additional Information
For details and the latest information on mitigations, see the following:
US-CERT Technical Alert:
https://www.us-cert.gov/ncas/alerts/TA14-098A
CERT-CC Vulnerability Note VU#720951:
http://www.kb.cert.org/vuls/id/720951
National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160.

Notice: This technical note is updated from time to time and is provided for informational purposes only. Attachmate makes no representation or warranty that the functions contained in our software products will meet your requirements or that the operation of our software products will be interruption or error free. Attachmate EXPRESSLY DISCLAIMS ALL WARRANTIES REGARDING OUR SOFTWARE INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Status

Security Alert

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2575.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.