Security Bulletin: Java CVE-2015-2590

Summary

An unspecified vulnerability related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact and affects IBM i java.

Vulnerability Details

CVEID: CVE-2015-2590 DESCRIPTION: An unspecified vulnerability and Java SE Embedded related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104724 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Releases V3R7, V4R1, V4R2, V4R3, V4R4, V5R1, V5R2, V5R3, V5R4, 6.1, 7.1 and 7.2 of IBM i are affected.

Remediation/Fixes

The issue can be fixed by applying a PTF to the IBM i Operating System.

Releases 6.1, 7.1 and 7.2 of IBM i are supported and will be fixed. Releases V3R7, V4R1, V4R2, V4R3, V4R4, V5R1, V5R2, V5R3 and V5R4 are unsupported and will not be fixed.

Please see the Java document at this URL for the latest Java information for IBM i:
http://www.ibm.com/developerworks/ibmi/techupdates/java

The IBM i PTF numbers are:

Release 6.1 – SF99562 level 33 ** Release 7.1 – SF99572 level 22** ** Release 7.2 – SF99716 level 7**

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None