Multiple security vulnerablilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to these risks but client side applications using the JREs might be. You will need to evaluate your own code to determine if you are vulnerable.
CVE(s): CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415 and CVE-2014-0410
Affected product(s) and affected version(s):
CICS Transaction Gateway for Multiplatforms v9.0 and earlier.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21668321
X-Force Database: http://xforce.iss.net/xforce/xfdb/90325
X-Force Database: http://xforce.iss.net/xforce/xfdb/90326
X-Force Database: http://xforce.iss.net/xforce/xfdb/90324
X-Force Database: http://xforce.iss.net/xforce/xfdb/90323
X-Force Database: http://xforce.iss.net/xforce/xfdb/90322