Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-10107,CVE-2017-10116,CVE-2017-10115) - July 2017 CPU

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition. Information about a security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Tivoli Network Manager 3.9
IBM Tivoli Network Manager 4.1
IBM Tivoli Network Manager 4.1.1
IBM Tivoli Network Manager 4.2

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version|Remediation/First Fix
—|—|—
IBM Tivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x, which bundles IBM WebSphere version 7.0.0.x.| <http://www-01.ibm.com/support/docview.wss?uid=swg22007002&gt;
IBM Tivoli Network Manager 4.1 and 4.1.1| Bundled the TIP version 2.2.0.x, which bundles IBM WebSphere version 7.0.0.x.| <http://www-01.ibm.com/support/docview.wss?uid=swg22007002&gt;
IBM Tivoli Network Manager 4.2 | IBM Tivoli Network Manager 4.2 requires to install IBM Websphere Application Server Version 8.5.5.5 or later version separately. Users are recommended to apply IBM WebSphere version 8.5.5.5 Security Interim Fixes…
----------------------------------------------------
IBM Tivoli Network Manager 4.2 requires to installInstallation Manager which includes JAVA. Users are recommended to apply Installation Manger security fixes when available. | <http://www-01.ibm.com/support/docview.wss?uid=swg22007002&gt;

-----------------------------------------------------
<https://www.ibm.com/support/home/product/N340276G72802P18/rational/ibm_installation_manager&gt;

Workarounds and Mitigations

None