There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 11 used by IBM Streams. These issues were disclosed as part of the IBM Java SDK updates in October 2016.
**CVEID:** CVE-2016-5597
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
The following versions may be impacted:
* IBM Streams Version 4.2.0.3 and earlier
* IBM InfoSphere Streams Version 4.1.1.2 and earlier
* IBM InfoSphere Streams Version 4.0.1.3 and earlier
* IBM InfoSphere Streams Version 3.2.1.6 and earlier
* IBM InfoSphere Streams Version 3.1.0.8 and earlier
* IBM InfoSphere Streams Version 3.0.0.6 and earlier
To remediate/fix this issue, follow the instructions below:
* **Version 4.2.0:** Apply IBM Streams Mod Release 4.2.1 Fix Pack 1 (4.2.1.1) from [Passport Advantage.](<https://www.ibm.com/software/passportadvantage/>)
* **Version 4.1.1:** Apply [4.1.1 Fix Pack 3 (4.1.1.3) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>)
* **Version 4.0.1:** Apply [4.0.1 Fix Pack 4 (4.0.1.4) or higher.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>)
* **Versions 3.2.1, 3.1.0, and 3.0.0:** For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.
NOTE: Fix Packs are available on IBM Fix Central.
None
CPE

Name | Operator | Version
---|---|---
ibm streams | eq | 3.0
ibm streams | eq | 3.1
ibm streams | eq | 3.2
ibm streams | eq | 3.2.1
ibm streams | eq | 4.0
ibm streams | eq | 4.0.1
ibm streams | eq | 4.1
ibm streams | eq | 4.1.1
ibm streams | eq | 4.2
ibm streams | eq | 4.2.1