There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.15 and earlier and 8.0.5.7 and earlier and IBM® Runtime Environment Java™ Version 7.0.10.15 and earlier and 8.0.5.7 and earlier used by IBM Algo One - Algo Risk Application. These issues were disclosed as part of the IBM Java SDK updates in January 2018.
CVEID: CVE-2018-2638**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2018-2639**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137891 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2017-10356**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Algo One - Algo Risk Application 5.0.0.6, 5.1.0.3
Product Name
| iFix Name|Remediation/First Fix
—|—|—
IBM Algo One - ARA| 5.1.0.3-3| Fix Central Download
IBM Algo One - ARA| 5.0.0.6-23| Fix Central Download