SmartCloud Orchestrator is shipped with an IBM SDK based on Oracle JDK.
Oracle has released October 2013 and January 2014 critical patch updates (CPU) which contain security vulnerability fixes and the IBM SDK, Java™ Technology Edition, has been updated to include those fixes. The IBM SDK has also been updated to fix security vulnerabilities specific to the IBM SDK.
CVE(s): CVE-2013-5802, CVE-2013-5772 and CVE-2014-0411
Affected product(s) and affected version(s):
SmartCloud Orchestrator 2.3, 2.3 FixPack 1, 2.2, 2.2 FixPack 1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21672576
X-Force Database: http://xforce.iss.net/xforce/xfdb/87982
X-Force Database: http://xforce.iss.net/xforce/xfdb/88007
X-Force Database: http://xforce.iss.net/xforce/xfdb/90357