Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2021-35586)

Summary

There is a vulnerability in IBM® Java™ version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2021-35586
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.
Before installing a newer version of IBM JRE, please ensure that you:

• Close any open programs that you may have running;
• Rename the initial directory of the IBM JRE (for example: with a .old at the end),
• Download and install the appropriate IBM JRE version.

IBM ILOG CPLEX Optimization Studio

IBM Java Version 8 Service Refresh 7 Fix Pack 0 and subsequent releases

You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.

For Mac OS, HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None