Security Bulletin: Multiple security vulnerabilities have been identified in bundled products shipped with WebSphere Dynamic Process Edition (April 2015)

Summary

WebSphere Business Modeler, WebSphere Integration Developer, WebSphere Business Services Fabric, WebSphere Process Server and WebSphere Business Monitor are shipped as components of WebSphere Dynamic Process Edition. Information about security vulnerabilities affecting these products have been published in security bulletins. Please note that WebSphere Application Server is the base for all server side products in the WebSphere Dynamic Process Edition bundle.

Vulnerability Details

Please consult the security bulletins

• Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)
• Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition April 2015 CPU affect WebSphere Process Server
• Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2015 CPU
• for vulnerability details and information about fixes.

Affected Products and Versions

WebSphere Dynamic Process Edition 6.1, 6.2, 7.0

If you are using an unsupported version, IBM strongly recommends to upgrade.

Workarounds and Mitigations

None