There are multiple vulnerabilities in IBMョ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console (DSWC). These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVE-ID:CVE-2014-6593
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE ID: CVE-2015-0410
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM Data Studio Web Console versions 3.1, 3.1.1, 3.2, 4.1 and 4.1.1**.**
The fix for this vulnerability requires the upgrade of the IBM Java Runtime that is installed with DSWC. Install one of the following IBM Java Runtime versions:
Detailed instructions are provided in the tech-note “Updating the IBM Runtime Environment, Java Technology Edition for IBM Data Studio web console”.
None