Aug 03, 2018 - 4:23 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0264, CVE-2016-3449)

2018-08-03 04:23:43
www.ibm.com

EPSS: 0.038
Percentile: 92.1%

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0, 7.0, 7R1 and 8.0, which is used by IBM Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3449
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0264
DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Host On-Demand 11.0.14 and earlier
IBM Host On-Demand 12.0

Remediation/Fixes

Upgrade to a fixed IBM® Runtime Environment Java™:

- IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 40
- IBM® Runtime Environment Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40
- IBM® Runtime Environment Java™ Technology Edition, Version 8 Service Refresh 3

The fix for IBM® Runtime Environment Java™ Technology Edition, Version 6 will be updated shortly.
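
Added example (not part of the IBM bulletin and not IBM code): a check that compares the service level reported by `java -version` against the fix levels listed above. The banner layout, the "_27" marker used to tell 7R1 from 7, and the sample banners are assumptions constructed for illustration.

```python
import re

# Minimum fixed levels from the bulletin's Remediation/Fixes section, as
# (service refresh, fix pack). Version 6 has no fix level listed on the page.
FIXED_LEVELS = {"7R1": (3, 40), "7": (9, 40), "8": (3, 0), "6": None}

def parse_banner(banner):
    """Return (stream, (sr, fp)) parsed from `java -version` text, else None.

    Assumed layout (not taken from the bulletin): a `java version "1.N.0"`
    line plus a build line ending "(SRx FPy)" or "(SRx)"; 7R1 build ids
    carry "_27" directly before "sr".
    """
    major = re.search(r'java version "1\.(\d+)\.', banner)
    level = re.search(r"\(SR(\d+)(?: FP(\d+))?\)", banner)
    if not major or not level:
        return None
    stream = major.group(1)
    if stream == "7" and re.search(r"_27sr\d", banner):
        stream = "7R1"
    return stream, (int(level.group(1)), int(level.group(2) or 0))

def assess(banner):
    """Classify a runtime as fixed, vulnerable, no-fix-listed or unknown."""
    parsed = parse_banner(banner)
    if parsed is None or parsed[0] not in FIXED_LEVELS:
        return "unknown"  # not recognisable as one of the listed streams
    stream, level = parsed
    fixed = FIXED_LEVELS[stream]
    if fixed is None:
        return "no-fix-listed"
    # Assumption: service refreshes are cumulative, so any later
    # (SR, FP) pair also contains the fix.
    return "fixed" if level >= fixed else "vulnerable"

# Constructed sample banners (illustrative, not captured output).
SAMPLES = {
    "7 SR9 FP30": 'java version "1.7.0"\n(build pxa6470sr9fp30-20160105_01(SR9 FP30))',
    "7R1 SR3 FP40": 'java version "1.7.0"\n(build pxa6470_27sr3fp40-20160422_01(SR3 FP40))',
    "8 SR3": 'java version "1.8.0"\n(build pxa6480sr3-20160428_01(SR3))',
    "6 SR16 FP20": 'java version "1.6.0"\n(build pxa6460sr16fp20-20160111_01(SR16 FP20))',
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(f"{name}: {assess(banner)}")
```

Version 7 and 7R1 both report `1.7.0` but have different fix levels, so the stream has to be identified before the service refresh is compared.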

Workarounds and Mitigations

NONE
