Security Vulnerabilities
This page lists recent Security Vulnerabilities addressed in the Developer Kits currently available from our downloads page.
IBM customers requiring these fixes in a binary IBM Java SDK/JRE for use with an IBM product should contact IBM Support and engage the appropriate product service team.
Security Bulletins can also be found on the IBM Support Portal.
- Oracle October 16 2018 CPU (1.6.0_211, 1.7.0_201, 1.8.0_191)
- IBM Security Update August 2018
- Oracle July 17 2018 CPU (1.6.0_201, 1.7.0_191, 1.8.0_181)
- Oracle April 17 2018 CPU (1.6.0_191, 1.7.0_181, 1.8.0_171)
- IBM Security Update February 2018
- Oracle January 16 2018 CPU (1.6.0_181, 1.7.0_171, 1.8.0_161)
- Oracle October 17 2017 CPU (1.6.0_171, 1.7.0_161, 1.8.0_151)
- IBM Security Update August 2017
- Oracle July 18 2017 CPU (1.6.0_161, 1.7.0_151, 1.8.0_141)
- IBM Security Update May 2017
- Oracle April 18 2017 CPU (1.6.0_151, 1.7.0_141, 1.8.0_131)
- Oracle January 17 2017 CPU (1.6.0_141, 1.7.0_131, 1.8.0_121)
- Oracle October 18 2016 CPU (1.6.0_131, 1.7.0_121, 1.8.0_111)
- Oracle July 19 2016 CPU (6u121, 7u111, 8u101)
- IBM Security Update April 2016
- Oracle April 19 2016 CPU (6u115, 7u101, 8u91)
- Oracle Security Alert for CVE-2016-0636 (7u99, 8u77)
- Oracle Security Alert for CVE-2016-0603 (6u113, 7u97, 8u73)
- IBM Security Update January 2016
- Oracle January 19 2016 CPU (6u111, 7u95, 8u71)
Oracle October 16 2018 CPU (1.6.0_211, 1.7.0_201, 1.8.0_191)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2018-3183 | 9 | N/A | N/A | 8.0.5.25 | |
| CVE-2018-3209 | 8.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-3169 | 8.3 | N/A | Fix in progress | 8.0.5.25 | |
| CVE-2018-3149 | 8.3 | Fix in progress | Fix in progress | 8.0.5.25 | |
| CVE-2018-3211 | 6.6 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-3180 | 5.6 | Fix in progress | Fix in progress | 8.0.5.25 | |
| CVE-2018-3214 | 5.3 | Fix in progress | Fix in progress | 8.0.5.25 | |
| CVE-2018-3157 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-13785 | 3.7 | Fix in progress | Fix in progress | 8.0.5.25 | |
| CVE-2018-3136 | 3.4 | Fix in progress | Fix in progress | 8.0.5.25 | |
| CVE-2018-3150 | 3.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-3139 | 3.1 | Fix in progress | Fix in progress | 8.0.5.25 | |
Further information on Oracle’s October 16 2018 Critical Patch Update is available here.
IBM Security Update August 2018
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2018-12539 | 8.4 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
| CVE-2018-1656 | 7.4 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
| CVE-2018-1517 | 5.9 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
| CVE-2017-3736 | 5.9 | N/A | N/A | 8.0.5.20 | Applicable only when using IBMJCEPlus |
| CVE-2017-3732 | 5.3 | N/A | N/A | 8.0.5.20 | Applicable only when using IBMJCEPlus |
| CVE-2016-0705 | 3.7 | N/A | N/A | 8.0.5.20 | Applicable only when using IBMJCEPlus |
Further information on the August 2018 IBM Security Update is available here.
Oracle July 17 2018 CPU (1.6.0_201, 1.7.0_191, 1.8.0_181)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2018-2938 | 9 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2964 | 8.3 | N/A | N/A | 8.0.5.20 | Applicable on Windows Only |
| CVE-2018-2941 | 8.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2942 | 8.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2973 | 5.9 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
| CVE-2018-2972 | 5.9 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2940 | 4.3 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
| CVE-2018-2952 | 3.7 | 6.0.16.70 6.1.8.70 | 7.0.10.30 7.1.4.30 | 8.0.5.20 | |
Further information on Oracle’s July 17 2018 Critical Patch Update is available here.
Oracle April 17 2018 CPU (1.6.0_191, 1.7.0_181, 1.8.0_171)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2018-2826 | 8.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2825 | 8.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2814 | 8.3 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2018-2794 | 7.7 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2783 | 7.4 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2815 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2018-2799 | 5.3 | N/A | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2798 | 5.3 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2797 | 5.3 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2796 | 5.3 | N/A | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2795 | 5.3 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2800 | 4.2 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
| CVE-2018-2790 | 3.1 | 6.0.16.65 6.1.8.65 | 7.0.10.25 7.1.4.25 | 8.0.5.15 | |
Further information on Oracle’s April 17 2018 Critical Patch Update is available here.
IBM Security Update February 2018
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2018-1417 | 8.1 | N/A | 7.1.4.20 | 8.0.5.10 | |
Further information on the February 2018 IBM Security Update is available here.
Oracle January 16 2018 CPU (1.6.0_181, 1.7.0_171, 1.8.0_161)
Further information on Oracle’s January 16 2018 Critical Patch Update is available here.
Oracle October 17 2017 CPU (1.6.0_171, 1.7.0_161, 1.8.0_151)
Further information on Oracle’s October 17 2017 Critical Patch Update is available here.
IBM Security Update August 2017
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2017-1376 | 9.8 | 6.1.8.50 | 7.0.10.10 7.1.4.10 | 8.0.4.7 | |
Further information on the August 2017 IBM Security Update is available here.
Oracle July 18 2017 CPU (1.6.0_161, 1.7.0_151, 1.8.0_141)
Further information on Oracle’s July 18 2017 Critical Patch Update is available here.
IBM Security Update May 2017
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2017-1289 | 8.2 | N/A | N/A | 8.0.4.5 | |
| CVE-2016-9840 | 3.3 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | Solaris, HP-UX and Mac OS platforms are fixed in a later release |
| CVE-2016-9841 | 3.3 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | Solaris, HP-UX and Mac OS platforms are fixed in a later release |
| CVE-2016-9842 | 3.3 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | Solaris, HP-UX and Mac OS platforms are fixed in a later release |
| CVE-2016-9843 | 3.3 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | Solaris, HP-UX and Mac OS platforms are fixed in a later release |
Further information on the May 2017 IBM Security Update is available here.
Oracle April 18 2017 CPU (1.6.0_151, 1.7.0_141, 1.8.0_131)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2017-3514 | 8.3 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3512 | 8.3 | N/A | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3511 | 7.7 | N/A | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3526 | 5.9 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2017-3509 | 4.2 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3544 | 3.7 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3533 | 3.7 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3539 | 3.1 | 6.0.16.45 6.1.8.45 | 7.0.10.5 7.1.4.5 | 8.0.4.5 | |
Further information on Oracle’s April 18 2017 Critical Patch Update is available here.
Oracle January 17 2017 CPU (1.6.0_141, 1.7.0_131, 1.8.0_121)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2017-3289 | 9.6 | N/A | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3272 | 9.6 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3241 | 9 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3260 | 8.3 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | Applicable to Mac OS only |
| CVE-2016-5546 | 7.5 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3253 | 7.5 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5548 | 6.5 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5549 | 6.5 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3252 | 5.8 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5547 | 5.3 | N/A | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5552 | 5.3 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3261 | 4.3 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3231 | 4.3 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3259 | 3.7 | 6.0.16.40 6.1.8.40 | 7.0.10.0 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-2183 | 3.1 | 6.0.16.41 6.1.8.41 | 7.0.10.1 7.1.4.1 | 8.0.4.1 | |
Further information on Oracle’s January 17 2017 Critical Patch Update is available here.
Oracle October 18 2016 CPU (1.6.0_131, 1.7.0_121, 1.8.0_111)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-5582 | 9.6 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-5568 | 9.6 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5556 | 9.6 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5573 | 8.3 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5597 | 5.9 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5554 | 4.3 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5542 | 3.1 | 6.0.16.35 6.1.8.35 | 7.0.9.60 7.1.3.60 | 8.0.3.20 | |
Further information on Oracle’s October 18 2016 Critical Patch Update is available here.
Oracle July 19 2016 CPU (6u121, 7u111, 8u101)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-3610 | 9.6 | N/A | N/A | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3598 | 9.6 | N/A | 7.0.9.50 7.1.3.50 | 8.0.3.10 | |
| CVE-2016-3606 | 9.6 | N/A | 7.0.9.50 | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3587 | 9.6 | N/A | N/A | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3552 | 8.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3503 | 7.7 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3511 | 7.7 | N/A | 7.0.9.50 7.1.3.50 | 8.0.3.10 | |
| CVE-2016-3498 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3508 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3550 | 4.3 | 6.0.16.30 6.1.8.30 | 7.0.9.50 | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3500 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3458 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3485 | 2.9 | 6.0.16.30 6.1.8.30 | 7.0.9.50 7.1.3.50 | 8.0.3.10 | |
Further information on Oracle’s July 19 2016 Critical Patch Update is available here.
IBM Security Update April 2016
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-0376 | 8.1 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0363 | 8.1 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0264 | 5.6 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | Not applicable on Solaris, HP-UX and Mac OS |
Further information on the April 2016 IBM Security Update is available here.
Oracle April 19 2016 CPU (6u115, 7u101, 8u91)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-3443 | 9.6 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0687 | 9.6 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0686 | 9.6 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3427 | 9 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3449 | 8.3 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3425 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3422 | 4.3 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0695 | 3.7 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3426 | 3.1 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | |
Further information on Oracle’s April 19 2016 Critical Patch Update is available here.
Oracle Security Alert for CVE-2016-0636 (7u99, 8u77)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-0636 | 9.3 | 6.0.16.25 6.1.8.25 | 7.0.9.40 7.1.3.40 | 8.0.3.0 | Applicable on Solaris, HP-UX and Mac OS only |
Further information on the Oracle Security Alert for CVE-2016-0636 is available here and here.
Oracle Security Alert for CVE-2016-0603 (6u113, 7u97, 8u73)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-0603 | 7.6 | 6.0.16.21 6.1.8.21 | 7.0.9.31 7.1.3.31 | 8.0.2.11 | This issue is applicable to the Windows platform only |
Further information on the Oracle Security Alert for CVE-2016-0603 is available here.
IBM Security Update January 2016
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2015-8540 | 9.8 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | N/A | |
| CVE-2015-7981 | 5.3 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | N/A | |
| CVE-2015-5041 | 4.8 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
Further information on the January 2016 IBM Security Update is available here.
Oracle January 19 2016 CPU (6u111, 7u95, 8u71)
| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
|---|---|---|---|---|---|
| CVE-2016-0494 | 10 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0483 | 10 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-8126 | 7.8 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-8472 | 6.3 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0475 | 5.8 | N/A | N/A | 8.0.2.10 | |
| CVE-2016-0466 | 5 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0402 | 5 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-7575 | 4 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | SLOTH |
| CVE-2016-0448 | 4 | 6.0.16.20 6.1.8.20 | 7.0.9.30 7.1.3.30 | 8.0.2.10 | |
Further information on Oracle’s January 19 2016 Critical Patch Update is available here.