IBM Security Bulletin: January 2015 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products

Multiple N series products incorporate the Java Runtime Environment (JRE) software libraries. JRE versions up to 8u31 and 7u75 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover including arbitrary code execution, a partial denial of service, or unauthorized update, insert or delete access to some Java SE accessible data.

CVE(s): CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2014-6593, CVE-2014-6601, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437

Affected product(s) and affected version(s):

NS OnCommand Core Package: 5.2, 5.2R1, 5.2.1P1, 5.2.1P2;
NS OnCommand Unified Manager for DataONTAP: 6.1R1;
N series VASA Provider: 1.0, 1.0.1;
SnapManager for Oracle: 3.2, 3.3, 3.3.1;
SnapManager for SAP: 3.2, 3.3, 3.3.1;
Virtual Storage Console for VMware vSphere: 4.2.1, 5.0, 6.0, 6.1;

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jQx6AL
X-Force Database: http://ift.tt/1u9JMAe
X-Force Database: http://ift.tt/1BjhtqX
X-Force Database: http://ift.tt/1BjhvPN
X-Force Database: http://ift.tt/1FAsP9c
X-Force Database: http://ift.tt/1FAsMKw
X-Force Database: http://ift.tt/2jQAfk1
X-Force Database: http://ift.tt/2joBJW3
X-Force Database: http://ift.tt/2jQyMu5
X-Force Database: http://ift.tt/1FAsMKs
X-Force Database: http://ift.tt/1Bjhtr2
X-Force Database: http://ift.tt/1Bjhtr4
X-Force Database: http://ift.tt/1FAsMKq
X-Force Database: http://ift.tt/1BjhvPJ
X-Force Database: http://ift.tt/2jQxaAE
X-Force Database: http://ift.tt/1FAsP9a
X-Force Database: http://ift.tt/1BjhvPD
X-Force Database: http://ift.tt/2jox06T

from IBM Product Security Incident Response Team http://ift.tt/2jQokD0