There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. These issues were disclosed as part of the IBM Java SDK updates in October 2017.
CVEID: CVE-2017-10356**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
The following levels of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware are affected:
4.1.0.0 through 4.1.6.3
3.2 and below (all levels) - these releases are EOS
_IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware Release _
| First Fixing VRMF Level|Platform|Link to Fix / Fix Availability Target
—|—|—|—
4.1| 4.1.6.4| Linux| http://www.ibm.com/support/docview.wss?uid=swg24044554
3.2 and below|
|
| Release 3.2 and below are EOS. Customers on these releases should upgrade to 4.1.6.4 or higher.
None