There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVE.
CVEID:CVE-2019-2958
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM ILOG CPLEX Optimization Studio (COS) | 12.10 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.9 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.8 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.7.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.7 |
The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.
Please note that Java 6 is no longer supported anymore. IBM recommends upgrading to COS 12.10 and subsequent releases.
Before installing a newer version of IBM JRE, please ensure that you:
IBM ILOG CPLEX Optimization Studio and** IBM ILOG CPLEX Enterprise Server:**
IBM JRE Version 8 Service Refresh 6 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.
For HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None