There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) and IBM Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect™ Snapshot). These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-3426**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
The following products and versions are affected.
Tivoli Storage Manager for VE: Data Protection for VMware Release
| First Fixing VRMF Level|Client Platform|Link to Fix / Fix Availability Target
—|—|—|—
7.1| 7.1.6| Linux
Windows| http://www.ibm.com/support/docview.wss?uid=swg24042232 **_Tivoli Storage
FlashCopy Manager for VMware Release_** | First Fixing VRMF Level | Client Platform | Link to Fix / Fix Availability Target |
---|---|---|---|
4.1 | 4.1.6 | Linux | http://www.ibm.com/support/docview.wss?uid=swg24042168 |
None