IBM229759C64D4136F65CF39EB3280FA5FB95CF1F043F8C29F20D1B3B23A5397C9ASecurity Bulletin: Vulnerability in IBM Java SDK affects IBM Decision Optimization Center (CVE-2016-0603)
EPSS
Percentile
96.5%
Summary
There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. SDK installation executables on the Windows platform are affected by this vulnerability.
Vulnerability Details
CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.600
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110446> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Affected Products and Versions
IBM Decision Optimization Center 3.8.0.2 and earlier
Product Version(s)|
Affected Supporting Product and Version
—|—
IBM ILOG Optimization Decision Manager Enterprise: v3.5 - v3.7.0.2
IBM Decision Optimization Center: v3.8 - v3.8.0.2|
IBM JDK Version 6 Service Refresh 16 Fix Pack 21
Remediation/Fixes
The recommended solution is to download and install the IBM Java SDK as soon as practicable.
Before installing a newer version of IBM Java SDK, please ensure that you:
- Close any open programs that you have running;
- Rename the initial directory of the IBM Java SDK (for example: with a .old at the end),
- Download and install IBM Java SDK Version 6 Service Refresh 16 Fix Pack 21 and subsequent releases.
- Here are the detailed instructions for updating IBM Java SDK.
You must verify that applying this fix does not cause any compatibility issues.
Related
EPSS
Percentile
96.5%