Lucene search

K
ibmIBMC957E74003410503494BCE3017A5BCD1784E21220D2366BCEFF83B94D0E79016
HistoryJun 17, 2018 - 5:13 a.m.

Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2016-0363, CVE-2016-0376)

2018-06-1705:13:06
www.ibm.com
8

EPSS

0.071

Percentile

94.0%

Summary

There are multiple vulnerabilities in IBM® SDKs Java™ Technology Edition, Versions 7 and 8 that is used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-0363**
DESCRIPTION:** IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376**
DESCRIPTION:** A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Rational Application Developer for WebSphere Software 9.5.0.2 and earlier

Remediation/Fixes

Update the IBM SDK, Java Technology Edition of the product to address this vulnerability:

Product VRMF APAR Remediation/First Fix
Rational Application Developer 8.5 through 9.5.0.2 PI60973

Workarounds and Mitigations

None

EPSS

0.071

Percentile

94.0%

Related for C957E74003410503494BCE3017A5BCD1784E21220D2366BCEFF83B94D0E79016