There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 1.6 , 1.7 and 1.8 that is used by Rational Host On Demand .JRE installation executables on the Windows platform are affected by this vulnerability.
CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.600
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/110446>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Host On Demand 11.0.14 and earlier
Fixed IBM® Runtime Environment windows installer is available on Fix Central
IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 31
IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 21
IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 31
IBM SDK, Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11
None