There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security SiteProtector System. The issue was disclosed as part of the IBM Java SDK updates in April 2016
CVEID: CVE-2016-3426 **
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM Security SiteProtector System 3.0 and 3.1.1
Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:
For SiteProtector 3.0:
SiteProtector Core Component
|
ServicePack3_0_0_13.xpu
—|—
Event Collector Component
|
RSEvntCol_WINNT_XXX_ST_3_0_0_11.xpu
Agent Manager Component
|
AgentManager_WINNT_XXX_ST_3_0_0_70.xpu
For SiteProtector 3.1.1:
SiteProtector Core Component
|
ServicePack3_1_1_8.xpu
—|—
Alternatively, the packages can be manually obtained from the IBM Security License Key and Download Center using the following URL:
<https://ibmss.flexnetoperations.com/service/ibms/login>
None