Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version Java 1.8.0 SR1 FP10 used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.

Vulnerability Details

CVEID: CVE-2016-5546 DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120869 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-5547 DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120871 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

DB2 Recovery Expert for Linux, UNIX and Windows V5.1

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
DB2 Recovery Expert for Linux, Unix and Windows| V5.1.3| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.1&platform=All&function=all

Workarounds and Mitigations

None