There is a vulnerability in IBM® Runtime Environment Java™ Versions 7, 7R1 and 8 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in July 2016.
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section for more information.
CVEID: CVE-2016-3598 DESCRIPTION: An unspecified vulnerability related to the Libraries component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115269 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
MessageSight 1.1
MessageSight 1.2 – 1.2.0.3
MessageSight 2.0
Product
|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT17737| 1.1.0.1-IBM-IMA-IFIT17737
IBM MessageSight|
1.2| IT17737| 1.2.0.3-IBM-IMA-IFIT17737
IBM MessageSight| 2.0| IT17737| 2.0.0.1-IBM-IMA-IFIT17737
None