Security Bulletin: Security vulnerabilities have been identified in multiple components shipped with IBM Intelligent Operations Center (May 2015)

Summary

Multiple components are shipped with IBM Intelligent Operations Center. Information about security vulnerabilities that affect some components has been published in security bulletins.

Vulnerability Details

Consult the following security bulletins for vulnerability details:

• Vulnerability in Dojo Toolkit affects WebSphere Application Server (CVE-2014-8917)
• Fixes are available for Security Vulnerabilities in Dojo that affect IBM WebSphere Portal (CVE-2014-8917)
• Vulnerability with RSA Export Keys may affect IBM WebSphere Application Server (CVE-2015-0138)
• Vulnerability in RC4 stream cipher affects WebSphere Application Server (CVE-2015-2808)
• Vulnerability in RC4 stream cipher affects IBM WebSphere Portal (CVE-2015-2808)
• IBM Websphere Message Broker and IBM Integration Bus are affected by SSLv3 Vulnerability (CVE-2014-3566 and CVE-ID: CVE-2014-3568)
• IBM Integration Bus and WebSphere Message Broker: Multiple security vulnerabilities in IBM JREs 6 & 7
• Multiple vulnerabilities in IBM Java SDK affect IBM Notes and Domino
• Multiple Vulnerabilities in the IBM Java SDK affect IBM Notes and Domino (Oracle January 2015 Critical Patch Update)
• Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager available (CVE-2014-6110, CVE-2014-6098, CVE-2014-6096, CVE-2014,6105, CVE-2014-6107, CVE-2014-6095)
• Vulnerabilities in GSKit affect IBM Tivoli/Security Directory Integrator (CVE-2015-0138)
• IBM Tivoli/Security Directory Integrator can be affected by a vulnerability in the current IBM SDK for Java (CVE-2014-3566)

Affected Products and Versions

Affected Product and Version(s)

| Product and Version shipped as a component
—|—
IBM Intelligent Operations Center version 1.6.0.3|

• IBM WebSphere Portal CF15
• IBM WebSphere Application Server 8 fixes (PI33012 + PI36563 + PI38186)
• IBM WebSphere Application Server 7 fixes (PI36563 + PI37013) + UpdateInstaller 7.0.0.37
• IBM WebSphere Web 2.0 and Mobile Feature Pack Fix - PI34238 (IBM WebSphere Application Server Version 7 and IBM WebSphere Application Server Version 8)
• IBM Message Broker 8.0.0.5 + IT06830 + IT07249
• Lotus Domino 8.5.3 Fix Pack 6 + Interim Fix 6
• Lotus Domino - Java JRE Version 6 Service Refresh 16 Fix Pack 3
• IBM Security Identity Manager 6 Fix Pack 5
• Tivoli Directory Integrator 7.1.1 Fix Pack 4 + LA0023 (POODLE) + LA0025 (FREAK)
• IBM Java v7r1 SR2-FP10
• SPSS Modeler 15 - IBM JRE 6.0 Service Refresh 16 Fix Pack 3 iFix
• HTTP Server (configuration update to address the “Bar Mitzvah Attack” issue)

Remediation/Fixes

Download and install IBM Intelligent Operations Center version 1.6.0.3 interim fix PO04697.

Security fixes are not cumulative. You must install all earlier security fixes in addition to the current fix.