Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-3443 and CVE-2016-3422)

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0
that is used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3443**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3422**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Content Classification 8.8

Remediation/Fixes

Download iFix 6 for Content Classification 8.8 from Fix Central. For instructions, see:
<http://www.ibm.com/support/docview.wss?uid=swg24042294&gt;

Workarounds and Mitigations

None