Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware on Windows (CVE-2016-3485)

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments). These issues were disclosed as part of the IBM Java SDK updates in July 2016.

Vulnerability Details

CVEID: CVE-2016-3485**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

The following levels of IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments) are affected on the Windows platform:

• 7.1.0.0 through 7.1.6.3
• 6.4.0.0 through 6.4.3.4
• 6.3.0.0 through 6.3.2.7

Remediation/Fixes

Tivoli Storage Manager for VE: Data Protection for VMware Release

| First Fixing VRMF Level|Client Platform|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.6.4| Windows| http://www.ibm.com/support/docview.wss?uid=swg24042520****
6.4| 6.4.3.5| Windows| http://www.ibm.com/support/docview.wss?uid=swg24041370
6.3| 6.3.2.8| Windows| http://www.ibm.com/support/docview.wss?uid=swg24037601

Workarounds and Mitigations

None