Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB71F24CCDA86E986DF1A6A9E807D413FBB9C9A92E0034ADE4C0B630656CB4126
HistoryJun 16, 2018 - 1:42 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect Decision Optimization Center (CVE-2016-3598)

2018-06-1613:42:42
www.ibm.com
17

EPSS

0.016

Percentile

87.4%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016.

Vulnerability Details

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section for more information.

CVEID: CVE-2016-3598 DESCRIPTION: An unspecified vulnerability related to the Libraries component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115269 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Products and Versions

IBM Decision Optimization Center v3.9 and earlier

Remediation/Fixes

IBM ILOG ODM Enterprise
From v3.5 to v3.7.0.2: IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and subsequent releases

IBM Decision Optimization Center
From v3.8 to v3.8.0.1: IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and subsequent releases
From v3.8.0.2: IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 50 and subsequent releases

The recommended solution is to download and install the IBM Java SDK as soon as practicable.

Before installing a newer version of IBM Java SDK, please ensure that you:

  • Close any open programs that you have running;
  • Rename the initial directory of the IBM Java SDK (for example: with a .old at the end),
  • Download and install IBM Java SDK.

Here are the detailed instructions for updating IBM Java SDK.

You must verify that applying this fix does not cause any compatibility issues.

Workarounds and Mitigations

None

Related

zdi 1
veracode 1
ibm 28
redhatcve 2
redhat 7
ubuntucve 2
cvelist 2
nessus 37
prion 2
debiancve 2
nvd 2
cve 2
aix 1
openvas 27
suse 10
archlinux 3
oraclelinux 2
centos 2
ubuntu 2
osv 3
amazon 2
mageia 1
f5 2
kaspersky 1
gentoo 2
oracle 1
zdi
zdi
Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability
2016-07-21 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:39:34
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-3598)
2018-06-17 15:29:54
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-3598, CVE-2016-3485)
2018-06-17 15:27:46
Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time
2018-06-15 07:06:02
redhatcve
redhatcve
CVE-2016-3610
2016-07-20 07:48:36
CVE-2016-3598
2016-07-20 07:48:42
redhat
redhat
(RHSA-2016:1587) Critical: java-1.8.0-ibm security update
2016-08-10 13:34:08
(RHSA-2016:1588) Critical: java-1.7.1-ibm security update
2016-08-10 13:34:23
(RHSA-2016:1589) Critical: java-1.7.0-ibm security update
2016-08-10 00:00:00
ubuntucve
ubuntucve
CVE-2016-3610
2016-07-21 00:00:00
CVE-2016-3598
2016-07-21 00:00:00
cvelist
cvelist
CVE-2016-3610
2016-07-21 10:00:00
CVE-2016-3598
2016-07-21 10:00:00
nessus
nessus
RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:1588)
2016-08-11 00:00:00
RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:1587)
2016-08-11 00:00:00
RHEL 5 : java-1.7.0-ibm (RHSA-2016:1589)
2016-08-11 00:00:00
prion
prion
Buffer overflow
2016-07-21 10:14:00
Buffer overflow
2016-07-21 10:14:00
debiancve
debiancve
CVE-2016-3598
2016-07-21 10:14:38
CVE-2016-3610
2016-07-21 10:14:43
nvd
nvd
CVE-2016-3610
2016-07-21 10:14:43
CVE-2016-3598
2016-07-21 10:14:38
cve
cve
CVE-2016-3598
2016-07-21 10:14:38
CVE-2016-3610
2016-07-21 10:14:43
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-08-18 15:35:03
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2261-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2347-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2726-1)
2021-04-19 00:00:00
suse
suse
Security update for java-1_8_0-ibm (important)
2016-11-04 15:16:34
Security update for java-1_7_1-ibm (important)
2016-09-07 20:09:17
Security update for java-1_7_0-ibm (important)
2016-09-10 16:09:41
archlinux
archlinux
jdk7-openjdk: multiple issues
2016-08-05 00:00:00
jre7-openjdk-headless: multiple issues
2016-08-05 00:00:00
jre7-openjdk: multiple issues
2016-08-05 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2016-07-27 00:00:00
java-1.8.0-openjdk security update
2016-07-20 00:00:00
centos
centos
java security update
2016-07-27 10:40:30
java security update
2016-07-20 15:49:13
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2016-08-16 00:00:00
OpenJDK 8 vulnerabilities
2016-07-27 00:00:00
osv
osv
openjdk-7 - security update
2016-08-05 00:00:00
java-1_8_0-openjdk-1.8.0.111-1.1 on GA media
2024-06-15 00:00:00
java-1_7_0-openjdk-1.7.0.121-1.1 on GA media
2024-06-15 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2016-08-01 13:30:00
Critical: java-1.8.0-openjdk
2016-07-20 18:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-08-03 13:57:01
f5
f5
SOL40521234 - Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
K40521234 : Multiple Oracle Java SE vulnerabilities
2016-09-07 00:00:00
kaspersky
kaspersky
KLA10849 Multiple vulnerabilities in Oracle Java SE
2016-07-19 00:00:00
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

EPSS

0.016

Percentile

87.4%

JSON
Related for B71F24CCDA86E986DF1A6A9E807D413FBB9C9A92E0034ADE4C0B630656CB4126
zdi1veracode1ibm28redhatcve2redhat7ubuntucve2cvelist2nessus37prion2debiancve2nvd2cve2aix1openvas27suse10archlinux3oraclelinux2centos2ubuntu2osv3amazon2mageia1f52kaspersky1gentoo2oracle1