Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM DB2 Recovery Expert for Linux, UNIX, and Windows (CVE-2015-4872)

Summary

IBM Java SDK is shipped as a component of IBM DB2 Recovery Expert for Linux, UNIX, and Windows . Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM DB2 Recovery Expert for Linux, UNIX, and Windows versions 3.1 through 4.1

Remediation/Fixes

Replace existing JRE with JRE V7 SR9-Fix Pack 1 (http://www-01.ibm.com/support/docview.wss?uid=swg21639279).

You can replace the IBM Runtime Environment, Java™ Technology Edition that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM Runtime Environment, Java™ Technology Edition following the detailed instructions provided in the tech-note “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”.