IBM Check out the new support experience beta

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.21 and earlier that is shipped with Tivoli Storage Productivity Center for download and use with its Java WebStart GUI. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

  • Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
  • Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
  • Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Note:
The Tivoli Storage Productivity Center server component is not directly affected. However, the affected versions listed above provide an interface to download the affected IBM® Runtime Environment Java™ Technology Edition. It you did not download and install this IBM® Runtime Environment Java™ Technology Edition on any systems, such as is required for the Tivoli Storage Productivity Center GUI that launches using Java WebStart, you are not affected and do not need to apply a fix.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67



from IBM Product Security Incident Response Team http://ift.tt/2903vir