IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in July 2016.

CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3550

Affected product(s) and affected version(s):

IBM CPLEX Optimization Studio (COS) v12.6.3 and earlier
IBM CPLEX Enterprise Server (CES) v12.6.3 and earlier

NOTE: CVE-2016-3610, CVE-2016-3606, CVE-2016-3587 and CVE-2016-3550 affect IBM SDK, Java Technology Edition on Solaris, HP-UX and Mac OS only.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bZYV7E
X-Force Database: http://ift.tt/2b7GBwx
X-Force Database: http://ift.tt/2aGcUP3
X-Force Database: http://ift.tt/2b7H1Te
X-Force Database: http://ift.tt/2aGbWSW
X-Force Database: http://ift.tt/2aGc4lp

from IBM Product Security Incident Response Team http://ift.tt/2bZYVEZ