Security Bulletin: CICS Deployment Assistant for z/OS 5.1
A security vulnerability may exist in the Java™ Runtime Environments (JREs) used on z/OS by CICS Deployment Assistant for z/OS (CICS DA) V5.1. You will need to evaluate your own usage of CICS DA to determine if you are vulnerable.
The content included here will also be available in an update to the CICS DA documentation.
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and integrity using vectors related to Java Secure Socket Extension (JSSE).
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)
AFFECTED PRODUCTS AND VERSIONS:
CICS Deployment Assistant for z/OS V5.1.
Upgrade the JRE being used by CICS DA server. The recommended versions of the JRE to use are:
Java SDK 6.0.1 SR7-FP1
Java SDK 7 SR6-FP1 or 7R1 SR1
Updated JREs can be found under Products for Java Technology Edition.
SYMBOL 183 \f "Symbol" \s 12 Complete CVSS Guide
SYMBOL 183 \f "Symbol" \s 12 On-line Calculator V2
|Host Transaction Processing||CICS Transaction Server||Security||z/OS||5.1, 4.2, 4.1, 3.2, 3.1|
CICSDA CICS DA
Translate this page: