There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in July 2016.
CVEID: CVE-2016-3485**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1
IBM B2B Advanced Communications 1.0.0.2 - 1.0.0.5
The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.
_Fix_* | VRMF | APAR | How to acquire fix |
---|---|---|---|
Fixpack 1.0.0.5_2 | 1.0.0.1 | None | IBM Fix Central > _IBM_B2B_Advanced_Communications_V1.0.0.5_2_iFix_Media _ |
None