There is vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6.0, 7.0, 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVEID: CVE-2016-0363 DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-0376**
DESCRIPTION:** A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112152> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Tivoli Composite Application Manager (ITCAM) for Transactions : Versions 7.3.x.x to 7.4.x.x are affected.
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Composite Application Manager for Transaction | 7.4
7.3| IV84400| FixCentral link
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli composite application manager for transactions | eq | 7.4 |