There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2016-0264** *DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM PureApplication System V2.2
IBM PureApplication System V2.1
IBM PureApplication System V2.0
The PureSystems Manager on IBM PureApplication System is affected. The solution is to upgrade the IBM PureApplication System to the following fix level:
IBM PureApplication System V2.2: Upgrade to IBM PureApplication System V2.2.1
IBM PureApplication System V2.1: Upgrade to IBM PureApplication System V2.1.2.3
IBM PureApplication System V2.0: Contact customer support for upgrade options.
None