Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager, and other bundling products shipped with IBM SmartCloud Orchestrator and SmartCloud Orchestrator Enterprise

Summary

Multiple vulnerabilities in IBM Business Process Manager, and other bundling products shipped with IBM SmartCloud Orchestrator and SmartCloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM Business Process Manager, and the bundling products IBM SmartCloud Cost Management, IBM Tivoli System Application Automation Manager and IBM Tivoli Monitoring has been published in a security bulletin (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927, CVE-2015-1920).

Vulnerability Details

Consult the following security bulletins for vulnerability details and information about fixes for affected supporting products that are shipped with IBM SmartCloud Orchestrator

• Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927, CVE-2015-1920)
• Security Bulletin: Multiple vulnerabilities in IBM Tivoli System Automation Application Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927)
• Consult the following security bulletins for vulnerability details and information about fixes for affected supporting products that are shipped solely with IBM SmartCloud Orchestrator Enterprise
• Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927, CVE-2015-1920)
• Security Bulletin: Multiple vulnerabilities in IBM Tivoli System Automation Application Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927)
• Security Bulletin: Multiple vulnerabilities in IBM SmartCloud Cost Management shipped with IBM Cloud Orchestrator Enterprise and IBM SmartCloud Orchestrator Enterprise (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927)
• Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise and IBM SmartCloud Orchestrator Enterprise (CVE-2015-1946, CVE-2015-1920 )

_For __ unsupported IBM SmartCloud Orchestrator V2.2.0 and V2.2.0.1 and IBM SmartCloud Orchestrator Enterprise V2.2.0 and V2.2.0.1. _IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Affected Products and Versions

Affected versions of IBM SmartCloud Orchestrator, IBM SmartCloud Orchestrator Enterprise, and affected supporting products, which are shipped with IBM SmartCloud Orchestrator and IBM SmartCloud Orchestrator Enterprise, are listed in the following table.