Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE (JDK and JRE) versions below6u113, 7u97 or 8u73 are susceptible to a vulnerability potentially leading to an unauthorized Operating System takeover.
CVEID: CVE-2016-0603**
DESCRIPTION:** Oracle Java SE could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110446 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
NS OnCommand Core Package: 5.2, 5.2R1, 5.2.1P1, 5.2.1P2;
For NS OnCommand Core Package: the fix exists from microcode version: 5.2.2;
Please contact IBM support or go to this link to download a supported release.
None.