Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version Java 1.8.0 SR1 FP10 used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM SPSS Statistics (CVE-2016-3485)

Summary A vulnerability in IBM® Runtime Environment Java™ Version 6.0, 7.0, 7.1, and 8.0 that is used by IBM SPSS Statistics. This issue was disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTION: An unspecified vulnerability related to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5582)

Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6, 7 and 8 used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568)

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details If you run your own Java code using the...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597)

Summary There is a vulnerability in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. This issue was disclosed as part of the IBM Java SDK updates in July 2016 and October 2016. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect Decision Optimization Center (CVE-2016-3598)

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run your own Java...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVE...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Decision Optimization Center (CVE-2016-0603)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. SDK installation executables on the Windows platform are affected by this vulnerability. Vulnerability Details CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK cou...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 1.6 and 1.7 that is used by IBM SPSS Statistics. These issues were disclosed as part of the IBM Java SDK updates in October 2015 and includes the vulnerability commonly referred to as “SLOTH”...

Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)

Summary SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 and 7.0 that is used by DB2 LUW. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The T...

Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM DB2 Recovery Expert for Linux, UNIX, and Windows (CVE-2015-4872)

Summary IBM Java SDK is shipped as a component of IBM DB2 Recovery Expert for Linux, UNIX, and Windows . Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and Version 7 that are used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Decision Optimization Center

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...

Security Bulletin: A potential vulnerability in IBM Java SDK affect InfoSphere Streams (CVE-2015-4872)

Summary There is a potential vulnerability in IBM® SDK Java™ Technology Edition, Versions 6 SR16 FP4, 7R1 SR3 and 8 SR1 that are used by InfoSphere Streams. This issue was disclosed as part of the IBM Java SDK updates in Oct 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-4803 CVE-2015-4872 CVE-2015-4893 CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4803 DESCRIPTION: An...

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Statistics (CVE-2015-4000)

Summary TLS connections using Diffie-Hellman DH key exchange protocol, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Statistics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-0138, CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0.15, 7.1.2, 7.0.8 that is used by IBM SPSS Modeler. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-4000, CVE-2015-0478, CVE-2015-0488)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3, IBM SDK Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10, and IBM SDK Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 that are used by IBM SPS...

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Analytic Server (CVE-2015-4000)

Summary Vulnerabilities in SSL/TLS protocol during key exchange phase using Diffie-Hellman DH ciphersuite, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacke...