Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2019. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware.
Updated 18 March 2020: Added link to 4.1.6.9 fix
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Snapshot for VMware | 4.1.0.0-4.1.6.8 |
Spectrum Protect Snapshot for VMware Release |First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
4.1 | 4.1.6.9 | Linux | https://www.ibm.com/support/pages/node/5694321
None