History: Aug 03, 2018 - 4:23 a.m.

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Host On-Demand (CVE-2016-0363)

2018-08-03 04:23:43
www.ibm.com

EPSS: 0.032 (Low), Percentile: 91.2%

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 1.6, 1.7, 7.1 and 8.0, which is used by IBM Host On-Demand. This issue was disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-0363
DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Host On-Demand 11.0.14 and earlier
IBM Host On-Demand 12.0

Remediation/Fixes

Upgrade to a fixed IBM® Runtime Environment Java™:

o IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 40
o IBM® Runtime Environment Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40
o IBM® Runtime Environment Java™ Technology Edition, Version 8 Service Refresh 3

The fix for IBM® Runtime Environment Java™ Technology Edition, Version 6 will be updated shortly.

Workarounds and Mitigations

NONE
