PI70239: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect WebSphere eXtreme Scale

APAR status

Closed as program error.

Error description

There are multiple vulnerabilities in IBM Runtime Environment
Java Version 6, 7 and 8 that is used by WebSphere Extreme
Scale. These issues were disclosed as part of the IBM Java SDK
updates in July 2016.

Local fix

```
PSIRT
```

Problem summary

****************************************************************
* USERS AFFECTED:  All users of WebSphere eXtreme Scale        *
*                  7.1.1, 8.5, and 8.6 clients and servers     *
****************************************************************
* PROBLEM DESCRIPTION: CVEID: CVE-2016-3485                    *
*                      DESCRIPTION: An unspecified             *
*                      vulnerability related to the            *
*                      Networking component has no             *
*                      confidentiality impact, low integrity   *
*                      impact, and no availability impact.     *
*                      CVSS Base Score: 2.9                    *
*                      CVSS Temporal Score: See                *
*                      https://exchange.xforce.ibmcloud.com/vu *
*                      lnerabilities/115273 for the current    *
*                      score                                   *
*                      CVSS Environmental Score*: Undefined    *
*                      CVSS Vector:                            *
*                      (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I *
*                      :L/A:N)                                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Multiple vulnerabilities in IBM SDK, Java Technology Edition
affect WebSphere eXtreme Scale: CVE-2016-3485

Problem conclusion

A fix has been provided, available at this link:
http://www-01.ibm.com/support/docview.wss?uid=swg27018991

Temporary fix

Comments

APAR Information

APAR number
PI70239
Reported component name
WS EXTREME SCAL
Reported component ID
5724X6702
Reported release
861
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-10-05
Closed date
2016-11-30
Last modified date
2016-11-30

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

PI70240

Fix information

Fixed component name
WS EXTREME SCAL
Fixed component ID
5724X6702

Applicable component levels

R711 PSY
UP
R850 PSY
UP
R860 PSY
UP
R861 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTVLU","label":"WebSphere eXtreme Scale"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"861","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
30 November 2016

Tips

PI70239: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect WebSphere eXtreme Scale

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R711 PSY

R850 PSY

R860 PSY

R861 PSY

Document Information

Share your feedback

Need support?