Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. This issue was disclosed as part of the IBM Java SDK updates in Oct 2017.

Vulnerability Details

CVEID: CVE-2017-10356**
DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

• IBM Cognos Insight 10.2.1
  IBM Cognos Insight 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as practical.

Cognos Insight Standard Edition 10.2.1 Fix Pack 2 Interim Fix 24

Link:<http://www.ibm.com/support/docview.wss?uid=swg24044707&gt;

Cognos Insight Standard Edition 10.2.2.7 Interim Fix 12

Link: <http://www.ibm.com/support/docview.wss?uid=swg24044709&gt;

Workarounds and Mitigations

None