IBME31556778C8FF3A8B396592B829DD88BEE897D7FED32188835C249A4535396FDSecurity Bulletin: Vulnerability in IBM Java Runtime affect Rational Host On-Demand (CVE-2016-0603)
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
Summary
There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 1.6 , 1.7 and 1.8 that is used by Rational Host On Demand .JRE installation executables on the Windows platform are affected by this vulnerability.
Vulnerability Details
CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.600
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/110446>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Affected Products and Versions
Host On Demand 11.0.14 and earlier
Remediation/Fixes
Fixed IBM® Runtime Environment windows installer is available on Fix Central
IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 31
IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 21
IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 31
IBM SDK, Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11
Workarounds and Mitigations
None
Related
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C