There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6.0, 7.0, 7R1 and 8.0, which is used by IBM Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-3449
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVEID: CVE-2016-0264
DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Host On-Demand 11.0.14 and earlier
IBM Host On-Demand 12.0
Upgrade to fixed IBM® Runtime Environments Java™:
o IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 40
o IBM® Runtime Environment Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40
o IBM® Runtime Environment Java™ Technology Edition, Version 8 Service Refresh 3
Fix for IBM® Runtime Environment Java™ Technology Edition, Version 6 will be updated shortly.
NONE