There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. SDK installation executables on the Windows platform are affected by this vulnerability.
CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.600
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110446> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
IBM Decision Optimization Center 3.8.0.2 and earlier
Product Version(s)|
Affected Supporting Product and Version
—|—
IBM ILOG Optimization Decision Manager Enterprise: v3.5 - v3.7.0.2
IBM Decision Optimization Center: v3.8 - v3.8.0.2|
IBM JDK Version 6 Service Refresh 16 Fix Pack 21
The recommended solution is to download and install the IBM Java SDK as soon as practicable.
Before installing a newer version of IBM Java SDK, please ensure that you:
You must verify that applying this fix does not cause any compatibility issues.