There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 7R1 that are used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in January 2016.
CVEID: CVE-2016-0402 DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-5041 DESCRIPTION: A flaw in the IBM J9 JVM allows code to invoke non-public interface methods under certain circumstances. Untrusted code could potentially exploit this. This could lead to sensitive data being exposed to an attacker, or the attacker being able to inject bad data.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106719 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
IBM MessageSight V1.1 and V1.2
Product
|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT14421| 1.1.0.1-IBM-IMA-IFIT14421
IBM MessageSight|
1.2|
IT14420|
1.2.0.3-IBM-IMA-IFIT14420
None