There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7 and 8 used by affect WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in October 2016.
CVEID: CVE-2016-5597**
DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
WebSphere DataPower XC10 Appliance Version 2.1
WebSphere DataPower XC10 Appliance Version 2.5
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
WebSphere DataPower XC10 Appliance V2.1 on appliance 9235-92X| 2.1| IT19814| Refer to the Version 2.1 table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.1 on appliance 7199-92X| 2.1| IT19814| Refer to the** Version 2.1** table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X| Version 2.5 with SSD drivers **
Important**: See More Information link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the show ssd-version command.| IT19814| Refer to theVersion 2.5 table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.5 virtual image| 2.5| IT19814| Refer to the** Version 2.5** table in Recommended fixes for WebSphere DataPower XC10 Appliance.
None
CPE | Name | Operator | Version |
---|---|---|---|
websphere datapower xc10 appliance | eq | 2.5 | |
websphere datapower xc10 appliance | eq | 2.1 |