Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset analyzer. (CVE-2016-5597)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 8.0.3.12 and earlier used by Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in October 2016.

Vulnerability Details

CVEID: CVE-2016-5597 **DESCRIPTION: *An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118071&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Rational Asset Analyzer 6.1.x

Remediation/Fixes

| VRMF| APAR| Remediation/First Fix
—|—|—|—
Rational Asset Analyzer| 6.1.0.x|
| Update to RAA Fix pack 12:

http://www-01.ibm.com/support/docview.wss?uid=swg24043093

Workarounds and Mitigations

None