Security Bulletin: Multiple security vulnerabilities have been identified in bundled products shipped with WebSphere Dynamic Process Edition (April 2015)

Summary WebSphere Business Modeler, WebSphere Integration Developer, WebSphere Business Services Fabric, WebSphere Process Server and WebSphere Business Monitor are shipped as components of WebSphere Dynamic Process Edition. Information about security vulnerabilities affecting these products have...

Security Bulletin: A vulnerability in IBM Java Runtime affects WebSphere eXtreme Scale (CVE-2015-0488 )

Summary There is a vulnerability in IBM Java Runtime , Versions 6 and 7 that is used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION: An unspecified vulnerability related to the JSSE...

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect server products in WebSphere Dynamic Process Edition (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server Full Profile that is shipped as a component of server products in WebSphere Dynamic Process Edition. The IBM HTTP Server used by WebSphere Application Server is not...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM...

Security Bulletin: A security vulnerability has been identified in WebSphere MQ Telemetry shipped with WebSphere Remote Server (CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593)

Summary WebSphere MQ Telemetry is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ Telemetry has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin Multiple...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM SDK Java Technology Edition, Version 6 and IBM SDK Java Technology Edition, Version 7 that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. Vulnerability Details CVEID...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Business Compass (CVE-2015-0138, CVE-2015-0395, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by WebSphere Business Compass. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance: CVE-2015-0138, CVE-2014-6593, CVE-2015-0410

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition. These vulnerabilities affect WebSphere DataPower XC10 versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK:...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution (CVE-2014-3566, CVE-2014-6558)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0,16.1 and 7.0.7.1 that is used by WebSphere Cast Iron. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as par...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details The following advisories are included in the IBM® SDK Java™...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM MQ Light. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IB...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository October 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Lombardi Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to t...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Dynamic Process Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Dynamic Process Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability relat...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Process Server and IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Support Assistant Team Server July 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Support Assistant Team Server. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details The following two advisories are included in the IBM® SDK Jav...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Tue Jun 12 14:49:00 CDT 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javaapr2018advisory.asc https://aix.software.ibm.com/aix/efixes/security/javaapr2018advisory.asc...