There is a vulnerability in IBM® Runtime Environment Java™ Versions 6 and 7 that are used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-3427** *DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
The recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version.
IBM Cognos Business Intelligence 10.1.1 Interim Fixes
IBM Cognos Business Intelligence 10.2.x Interim Fixes
None