IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Java SDK affecting WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud
There are multiple vulnerabilities in IBM® SDK Java™ Runtime Environments (JREs), Versions 6, 7, 7R1 shipped with IBM WebSphere Application Server patterns. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s): CVE-2016-3427, CVE-2016-3426
Affected product(s) and affected version(s):
IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0,1.0.0.1, 1.0.0.2,1.0.0.3,1.0.0.4, 1.0.0.5, 1.0.0.7,1.0.1.0,1.0.2.0 and 2.2.0.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1UhQLUU
X-Force Database: http://ift.tt/1N2N48r
X-Force Database: http://ift.tt/1N2N2xe
from IBM Product Security Incident Response Team http://ift.tt/1TZL9T8