There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs.
CVEID:CVE-2022-21365
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-21360
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Decision Optimization Center (DOC) | 3.9.1 |
IBM Decision Optimization Center (DOC) | 3.9.0.2 |
IBM Decision Optimization Center (DOC) | 3.9.0.1 |
IBM Decision Optimization Center (DOC) | 3.9 |
The recommended solution is to download and install the IBM Java SDK as soon as practicable.
Before installing a newer version of IBM Java SDK, please ensure that you:
IBM Decision Optimization Center
From v3.9: IBM SDK, Java Technology Edition, Version 7 Service Refresh 11 Fix Pack 5 and subsequent releases
From v3.9.0.1: IBM SDK, Java Technology Edition, Version 8 Service Refresh 7 Fix Pack 5 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM Java SDK.
None