IBM Java is shipped as an ITM shared component of IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines. Information about a security vulnerability affecting Linux Kernel-based Virtual Machines agent has been published in a security bulletin.
**CVE IDs:**CVE-2015-2625 CVE-2015-1931
DESCRIPTION: This bulletin covers all applicable Java SE CVEs for this product.
CVEID:CVE-2015-2625
**DESCRIPTION:*An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.60
CVSS Temporal Score:
CVSS Environmental Score: Undefined
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
CVEID:CVE-2015-1931
**DESCRIPTION:*IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.10
CVSS Temporal Score:
CVSS Environmental Score: Undefined
CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual MachinesVersion6.2.3 includes Java Technology Edition, Version 5.0 Service Refresh 9.
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual MachinesVersion7.1.0 includes Java Technology Edition, Version 5.0 Service Refresh 12, FP1.
IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines** **Version 7.2.0 includes Java Technology Edition, Version 5.0 Service Refresh 12, FP1.
The fixes for these vulnerabilities are provided in latest Java provided as ITM shared component. Please see the below link to upgrade Java as part of ITM shared component
<http://www-01.ibm.com/support/docview.wss?uid=swg21673490>**.**
APAR numbers are as follows:
IV75166 (CVE-2015-2625)
IV75182 (CVE-2015-1931)
None