There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs.
CVEID: CVE-2021-35586
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-35578
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Decision Optimization Center (DOC) | 3.9.1 |
IBM Decision Optimization Center (DOC) | 3.9.0.2 |
IBM Decision Optimization Center (DOC) | 3.9.0.1 |
IBM Decision Optimization Center (DOC) | 3.9 |
The recommended solution is to download and install the IBM® Java™ SDK as soon as practicable.
Before installing a newer version of IBM® Java™ SDK, please ensure that you:
IBM Decision Optimization Center
From v3.9: IBM® SDK, Java™ Technology Edition, Version 7 Service Refresh 11 Fix Pack 0 and subsequent releases
From v3.9.0.1: IBM SDK, Java Technology Edition, Version 8 Service Refresh 7 Fix Pack 0 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.
For Mac OS, HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None