There are multiple vulnerabilities in IBM® Runtime Environment Java™, Versions 7 and 8 that is provided with AppScan Source. These issues were disclosed as part of the IBM Java SDK updates for April 2017.
IBM Security AppScan Source is providing an IBM Java SDK update that includes fixes for security vulnerabilities. If you run Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether these vulnerabilities are applicable to your code.
CVE(s):
For a complete list of vulnerabilities, see http://ift.tt/2q7C5TC
Affected product(s) and affected version(s):
Principal Product and Version(s) | Affected IBM Java SDK Version |
IBM Security AppScan Source 9.0.1, 9.0.2, 9.0.3 | IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 and earlier releases IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 1 and earlier releases IBM SDK, Java Technology Edition, Version 8 Service Refresh 4 Fix Pack 2 and earlier releases |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zvoICK
The post IBM Security Bulletin: IBM Security AppScan Source update of IBM® Runtime Environment Java™ appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2ziQYYp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.