Security Bulletin: Java Platform Standard Edition Vulnerability in Multiple N Series Products (CVE-2016-0636)

Summary

Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE versions 7u97, 8u73 and 8u74 are susceptible to a vulnerability, potentially leading to an unauthorized Operating System takeover including arbitrary code execution.

Vulnerability Details

CVEID: CVE-2016-0636**
DESCRIPTION:** Oracle Java SE could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111731 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

NS OnCommand Core Package: 5.2, 5.2R1, 5.2.1P1, 5.2.1P2;

Remediation/Fixes

For NS OnCommand Core Package: the fix exists from microcode version: 5.2.2;

Please contact IBM support or go to this link to download a supported release.

Workarounds and Mitigations

None.