IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2017-10115, CVE-2017-10116)

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. These issues were disclosed as part of the IBM Java SDK updates in July 2017.

CVE(s): CVE-2017-10115, CVE-2017-10116

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware are affected:

• 4.1.0.0 through 4.1.6.2
• 3.2 and below (all levels) – these releases are EOS

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013067
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128876
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128877

The post IBM Security Bulletin: Multiple vulnerabilites in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2017-10115, CVE-2017-10116) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2DRrtwB