IBM JDK security update from August 2017 fixes documents one security issue specific to IBM JDKs: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2017 CVE-2017-1376, fixed in versions 6.1.8.50, 7.0.10.10, 7.1.4.10, and 8.0.4.5. The above Security Vulnerabilities page links the following page for further details: http://www-01.ibm.com/support/docview.wss?uid=swg22006695 However, the linked page is not currently available. The CVE can be found mentioned in the "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics Predictive Insights" document at: http://www-01.ibm.com/support/docview.wss?uid=swg22007305 CVEID: CVE-2017-1376 DESCRIPTION: A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126873 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
(In reply to Tomas Hoger from comment #0) > https://developer.ibm.com/javasdk/support/security-vulnerabilities/ > #IBM_Security_Update_August_2017 > > CVE-2017-1376, fixed in versions 6.1.8.50, 7.0.10.10, 7.1.4.10, and 8.0.4.5. The upstream security page was updated to note that IBM JDK 8 was fixed in version 8.0.4.7.