Security Bulletin: Vulnerability in IBM Java SDK affects IBM Decision Optimization Center (CVE-2016-0603)

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. SDK installation executables on the Windows platform are affected by this vulnerability.

Vulnerability Details

CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.600
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110446&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Decision Optimization Center 3.8.0.2 and earlier

Product Version(s)|

Affected Supporting Product and Version

—|—
IBM ILOG Optimization Decision Manager Enterprise: v3.5 - v3.7.0.2
IBM Decision Optimization Center: v3.8 - v3.8.0.2|

IBM JDK Version 6 Service Refresh 16 Fix Pack 21

Remediation/Fixes

The recommended solution is to download and install the IBM Java SDK as soon as practicable.

Before installing a newer version of IBM Java SDK, please ensure that you:

• Close any open programs that you have running;
• Rename the initial directory of the IBM Java SDK (for example: with a .old at the end),
• Download and install IBM Java SDK Version 6 Service Refresh 16 Fix Pack 21 and subsequent releases.
• Here are the detailed instructions for updating IBM Java SDK.

You must verify that applying this fix does not cause any compatibility issues.