Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7, Java™ Version 8 used by Security Directory Integrator. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017.

Vulnerability Details

CVEID: CVE-2017-10116**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-10102**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128863 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM Tivoli Directory Integrator 7.1.1
IBM Security Directory Integrator 7.2.0
IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 5 and earlier releases
IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 Fix Pack 7 and earlier releases

Remediation/Fixes

Affected Products and Versions

| Fix availability
—|—
TDI 7.1.1| 7.1.1-TIV-TDI-LA0036
SDI 7.2| 7.2.0-ISS-SDI-LA0016