There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs.
CVEID:CVE-2020-2757
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2020-2756
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Decision Optimization Center (DOC) | 3.9.1 |
IBM Decision Optimization Center (DOC) | 3.9.0.2 |
IBM Decision Optimization Center (DOC) | 3.9.0.1 |
IBM Decision Optimization Center (DOC) | 3.9 |
IBM Decision Optimization Center (DOC) | 3.8.0.2 |
IBM Decision Optimization Center (DOC) | 3.8.0.1 |
IBM Decision Optimization Center (DOC) | 3.8 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7.0.2 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7.0.1 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7 |
The recommended solution is to download and install the IBM® Java™ SDK as soon as practicable.
Note that IBM® Java™ 6 is no longer supported anymore. IBM recommends upgrading to DOC 3.8.0.2, 3.9.1 or subsequent releases.
Before installing a newer version of IBM® Java™ SDK, please ensure that you:
IBM Decision Optimization Center
From v3.8.0.2: IBM® SDK, Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 65 and subsequent releases
From v3.9.0.1: IBM® SDK, Java™ Technology Edition, Version 8 Service Refresh 6 Fix Pack 10 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM Java SDK.
None