Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2019-2958
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.
Please note that Java 6 is no longer supported anymore. IBM recommends upgrading to COS 12.10 and subsequent releases.

Before installing a newer version of IBM JRE, please ensure that you:

• Close any open programs that you may have running;
• Rename the initial directory of the IBM JRE (for example: with a .old at the end),
• Download and install the appropriate IBM JRE version.

IBM ILOG CPLEX Optimization Studio and** IBM ILOG CPLEX Enterprise Server:**

IBM JRE Version 8 Service Refresh 6 and subsequent releases

You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.

For HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None