Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.11.0. IBM Cognos Analytics consumes Apache POI. Multiple vulnerabilities have been addressed in Apache POI. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been...

Security Bulletin: IBM Cognos Controller 2018Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller

Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Java™ Technology Edition, Version 8 that are used by IBM Cognos Controller. These issues were...

Security Bulletin: IBM Cognos Metrics Manager 2018 Q1 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM...

Security Bulletin: IBM Cognos Business Intelligence Server 2018Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Business Intelligence. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM...

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.7.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016, October 2016, January 201...

Security Bulletin: A vulnerability in the GSKit library affects IBM Cognos Metrics Manager

Summary A vulnerability has been addressed in the GSKit component of IBM Cognos Metrics Manager. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS...

Security Bulletin: A vulnerability in the GSKit component of IBM Cognos Business Intelligence Server (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Cognos Business Intelligence Server . Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this...

Security Bulletin: A vulnerability in the GSKit component of Cognos Analytics (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of Cognos Analytics Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain...

Security Bulletin:Vulnerabilities in IBM WebSphere Application Server and GSKit affects Cognos Business Intelligence (CVE-2015-0138, CVE-2015-0159)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM WebSphere Application Server Liberty Profile Version 8.5 that is used by IBM Cognos Business Intelligence Server 10.2.2 A security vulnerability has been discovered in GSKit 8.0 used by IB...

Security Bulletin: A security vulnerability has been identified in IBM Cognos Business Intelligence Server shipped with IBM Predictive Maintenance and Quality (CVE-2016-0201).

Summary IBM Cognos Business Intelligence Server is shipped as a component of IBM Predictive Maintenance and Quality. Information about a security vulnerability affecting IBM Cognos Business Intelligence Server has been published in this security bulletin. Vulnerability Details Please consult the...

Security Bulletin: A vulnerability in the GSKit component of IBM Cognos Controller (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Cognos Controller. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to...

Security Bulletin: Multiple vulnerabilities in GSKit bundled with IBM HTTP Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud

Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the...

Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepencies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)

Summary WebSphere MQ is affected by the ROBOT vulnerability where it may disclose side channel information via discrepencies between valid and invalid PKCS1 padding. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: IBM MQ is vulnerable to TLS implementations may disclose side channel...

Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-7421, CVE-2015-7420)

Summary Vulnerabilities were discovered in GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is...

Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201)

Summary IBM DataPower Gateways uses GSKit in certain modules - namely MQ, ISAM/TAM, JMS. A vulnerability has been addressed in the GSKit component of IBM DataPower Gateways. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

Security Bulletin: A vulnerability in the GSKit component of IBM MQ Appliance (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM MQ Appliance Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain...

Security Bulletin: A vulnerability in the GSKit component of IBM WebSphere MQ (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM WebSphere MQ. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain...

Security Bulletin:Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM PureApplication System uses GSKit in user registry components in the Web application pattern type and GPFS pattern type. IBM PureApplication System addressed the applicable CVE. Vulnerability...

Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM WebSphere MQ uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing...

Security Bulletin: Vulnerability in OpenSSL affects IBM MQ Appliance (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM MQ Appliance uses GSKit and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing...