Security Bulletin: Multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator

Summary

IBM Tivoli System Automation for Multiplatforms is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM Tivoli System Automation for Multiplatforms has been published in security bulletins.

Vulnerability Details

Consult the security bulletins for IBM Tivoli System Automation for Multiplatforms for vulnerability details and information about fixes.

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2016-0466, CVE-2015-7575)

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803, CVE-2015-4734, CVE-2015-5006)

• Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2015-2017)

• Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2015-1283)

• Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2015-3183)

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4749)

• Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli System Automation for Multiplatforms (CVE-2015-4000)

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-1914, CVE-2015-0204)

• Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Tivoli System Automation for Multiplatforms (CVE-2015-1920)

• Security Bulletin: Vulnerability in IBM Tivoli System Automation for Multiplatforms (CVE-2014-0453)

• Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli System Automation for Multiplatforms (CVE-2015-2808).

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2014-3566, CVE-2014-6468, CVE-2014-6457)

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2014-6593, CVE-2015-0410, CVE-2015-0138)

Affected Products and Versions

Principal Product and Version

| Affected Supporting Product and Version
—|—
IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.1 Interim Fix1, 2.4, 2.4.0.1, 2.4.0.2 and 2.4.0.3

IBM Cloud Orchestrator Enterprise 2.5.0.1, 2.5.0.1 Interim Fix1, 2.4, 2.4.0.1, 2.4.0.2 and 2.4.0.3

| IBM Tivoli System Automation for Multiplatforms 4.1
IBM SmartCloud Orchestrator 2.3, 2.3.0.1

IBM SmartCloud Orchestrator Enterprise 2.3 and 2.3.0.1

| IBM Tivoli System Automation for Multiplatforms 3.2.2