IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-3426)
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect™ for Virtual Environments) and IBM Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect™ Snapshot). These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s): CVE-2016-3426
Affected product(s) and affected version(s):
The following products and versions are affected.
- Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (IBM Spectrum Protect for Virtual Environments):
– 7.1.0.0 through 7.1.4.x
(Note there is no 7.1.5 version.) - Tivoli Storage FlashCopy Manager for VMware (IBM Spectrum Protect Snapshot):
– 4.1.0.0 through 4.1.4.x
(Note there is no 4.1.5 version.)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28RLcAU
X-Force Database: http://ift.tt/1N2N2xe
from IBM Product Security Incident Response Team http://ift.tt/28RLrfo