Security Bulletins for IBM Tealeaf Customer Experience offerings

2018-06-1619:35:50

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Abstract

Support for IBM Tealeaf Customer Experience offerings is found in the IBM Client Success Portal at https://support.ibmcloud.com/, which requires login. For your convenience, Security Bulletins for IBM Tealeaf Customer Experience offerings are listed here, most recent at top, and do not require login to view.

Content

This document lists the published Security Bulletins for IBM Tealeaf. The list is updated as needed, with the most recent Security Bulletin at the top. Follow the links below for more information (each link opens in a new window):

Security Bulletin: Vulnerability in the OpenSSL library affects IBM Tealeaf Customer Experience PCA (CVE-2017-3730). (#2000513, last updated 11 May 2017)
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience****(#2000590, last updated 28 April 2017)
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On (#2000445, last updated 17 April 2017)
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597) (#2000439, last updated 12 April 2017)
Security Bulletin: Vulnerabilities in Memcached affect IBM Tealeaf Customer Experience and IBM Tealeaf Customer Experience on Cloud Network Capture Add-On (#1998093, last updated 02 February 2017)
Security Bulletin: Vulnerability in ICU4C affects IBM Tealeaf Customer Experience (CVE-2016-6293)****(#1994863, last updated 16 December 2016)
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience****(#1994861, last updated 16 December 2016)
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and IBM Java Runtime affect IBM Tealeaf Customer Experience (CVE-2016-0378, CVE-2016-3485, CVE-2016-5986)****(#1994537, last updated 12 December 2016)
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On****(#1994534, last updated 12 December 2016)
Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125) (#1992307, last updated 12 December 2016)
Security Bulletin: Multiple vulnerabilities in IBM Tealeaf Customer Experience portal (#1990216, last updated 14 September 2016)
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience****(#1989048, last updated 13 September 2016)
Security Bulletin: IBM Tealeaf Customer Experience Replay Server internal proxy accepts connections from external sources (CVE-2016-5968) (#1989374, last updated 12 September 2016)
Security Bulletin: IBM Tealeaf Customer Experience internal connections not encrypted (CVE-2015-4961)(#1965077, last updated 12 September 2016)
Security Bulletin: Multiple vulnerabilities in PHP and memcached libraries affect IBM Tealeaf Customer Experience (#1988257, last updated 04 August 2016)
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On (#1983416, last updated 26 July 2016)
Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542) (#1981024, last updated 28 June 2016)
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702) (#1981021, last updated 08 June 2016)
Security Bulletin: IBM Tealeaf Customer Experience servers allow unauthenticated access (CVE-2015-4987) (#1981017, last updated 08 June 2016)
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues (#1972384, last updated 04 January 2016)
Security Bulletin: IBM Tealeaf Customer Experience allows unauthorized access to system files (CVE-2015-4988) (#1968868, last updated 04 January 2016)
Security Bulletin: IBM Tealeaf Customer Experience allows User Authentication via unencrypted GET request (CVE-2015-4990) (#1969739, last updated 18 December 2015)
Security Bulletin: IBM Tealeaf Customer Experience is affected by a security vulnerability (CVE-2015-4989) (#1968866, last updated 17 December 2015)
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tealeaf Customer Experience (CVE-2015-4000) (#1959030, last updated 04 September 2015)
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (#1960713, last updated 21 July 2015)
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tealeaf Customer Experience (CVE-2015-2808) (#1903393, last updated 24 June 2015)
Security Bulletin: IBM Tealeaf Customer Experience is affected by vulnerabilities in OpenSSL (CVE-2014-3569 - CVE-2014-3572, CVE-2014-8275, CVE-2015-0204 - CVE-2015-0206) (#1903391, last updated 21 May 2015)
Security Bulletin: IBM Tealeaf Customer Experience may be affected by a vulnerability in the Apache HTTP server (CVE-2014-0226) (#1715535, last updated 29 April 2015)
Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in OpenSSL (CVE-2014-3511, CVE-2014-3512) (#1715901, last updated 11 May 2015)
Security Bulletin: Vulnerability in SSLv3 affects IBM Tealeaf Customer Experience (CVE-2014-3566) (#1689996, last updated 12 November 2014)
IBM Tealeaf Customer Experience products are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278) (#1686027, last updated 01 October 2014)
Security Bulletin: IBM Tealeaf CX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 (#1677349, last updated 25 June 2014)
Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in the Apache HTTP server, caused by an error in the mod_log_config module (CVE-2014-0098) (#1672603, last updated 11 August 2014)
Security Bulletin: IBM Tealeaf Customer Experience (CX) is affected by a vulnerability in OpenSSL (CVE-2014-0160) (#1671059, last updated 22 April 2014)
Security Bulletin: IBM Tealeaf Customer Experience – Tealeaf CX (CVE-2013-6954) (#1669679, last updated 08 April 2014)
Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720) (#1667630, last updated 03 February 2014)

Related Information

IBM Tealeaf support (requires login)

[{“Product”:{“code”:“SSERNK”,“label”:“Tealeaf Customer Experience”},“Business Unit”:{“code”:“BU055”,“label”:“Cognitive Applications”},“Component”:“–”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“Version Independent”,“Edition”:“”,“Line of Business”:{“code”:“”,“label”:“”}}]