Multiple security vulnerabilities exist in the IBM® Runtime Environment Java™ Technology Edition 6.0.16.26 (and earlier) used by WebSphere Message Broker, and the IBM® Runtime Environment Java™ Technology Edition 7.0.9.40 (and earlier) used by WebSphere Message Broker and IBM Integration Bus, and the IBM® Runtime Environment Java™ Technology Edition 7.1.3.40 (and earlier) used by IBM Integration Bus. These issues were disclosed as part of the IBM Java SDK updates in July 2016.
CVEID: CVE-2016-3485**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM Integration Bus V10, V9
WebSphere Message Broker V8
Product
| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V10| IT16743 | The APAR is available in fix pack 10.0.0.7
<https://www-304.ibm.com/support/docview.wss?uid=swg24043068>
IBM Integration Bus| V9| IT16743| The APAR is available in fix pack 9.0.0.7
<http://www-01.ibm.com/support/docview.wss?uid=swg24043227>
WebSphere Message Broker | V8| IT16743| An interim fix is available from IBM Fix Central for all platforms
http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT16743
If you are running with a fix pack earlier than 8.0.0.7 and do not have IT03599 applied then you must upgrade your fix pack level to 8.0.0.7 or higher, or request IT16735 via IBM support.
APAR IT16743 is targeted to be available in fix pack 8.0.0.9
For unsupported versions of the product IBM recommends upgrading to a fixed, supported version/release/platform of the product.
The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at :
http://www.ibm.com/support/docview.wss?uid=swg27006308
CPE | Name | Operator | Version |
---|---|---|---|
ibm integration bus | eq | 10.0 | |
ibm integration bus | eq | 9.0 | |
websphere message broker | eq | 8.0 |