Security Bulletin: Vulnerability in SSLv3 affects IBM Data Studio Web Console (CVE-2014-3566)

Abstract SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Data Studio Web Console. Content Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : IBM Data Studio Web Console could allow a remo...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Abstract There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. These issues were disclose...

Security Bulletin: IBM Smart Analytics System 5600 is affected by vulnerabilities in the IBM Java SDK

Abstract The IBM Smart Analytics System 5600 contains a management host that is installed with the Mozilla Firefox browser. The browser is configured to use IBM Java SDK for Java Web Start applications. The browser software is configured in this manner to allow the use of the Remote Control...

Security Bulletin: Multiple vulnerabilities in IBM Rational Policy Tester (CVE-2013-0531, CVE-2013-0440, CVE-2013-4062, CVE-2013-4061, CVE-2013-2407)

Abstract Previous releases of IBM Rational Policy Tester are affected by multiple vulnerabilities reported in 3rd party components bundled with the product as well as in proprietary IBM code. These vulnerabilities include Java components, weak cipher suites, invalid certificate warnings and URL...

Security Bulletin: IBM InfoSphere Optim Performance Manager affected by vulnerability in IBM Java Runtime Environment (CVE-2013-4002)

Abstract Unspecified vulnerability in the IBM Java Runtime Environment JRE in IBM Java allows remote attackers to affect availability via unknown vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-4002 CVSS: CVSS Base Score: 7.1 CVSS Temporal Score: See...

Security Bulletin: Multiple vulnerabilities in the IBM Java SDK

Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 8 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-4002 CVE-2013-2468 CVE-2013-2469...

Security Bulletin: InfoSphere Optim Performance Manager affected by vulnerability in IBM JAVA JRE (CVE-2013-0169)

Abstract IBM InfoSphere Optim Performance Manager uses the IBM Java Runtime Environment JRE and is affected by a vulnerability in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0169 DESCRIPTION: The TLS protocol does not properly consider timing side-channel attacks, which allows...

Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Advanced/Enterprise for the Oracle CPU April 2013.

Abstract The IBM WebSphere Partner Gateway is shipped with an IBM Java SDK that is based on the Oracle SDK. The April 2013 Oracle Critical Patch Updates CPU contained various security vulnerability fixes for the Oracle JDKs. The IBM Java SDK that WebSphere Partner Gateway ships is similarly...

Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE (CVE-2013-5809)

Abstract IBM Security SiteProtector System can be affected by vulnerability in the IBM Java JRE. This vulnerability could allow a remote attacker to affect confidentiality, integrity, and availability by means of unknown vectors related to the Java 2D component. Content VULNERABILITY DETAILS:...

Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013

Abstract Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM WebSphere Application Server Community Edition. Content The IBM WebSphere Application Server Community Edition is shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle has released April...

Security Bulletin: DB2 Recovery Expert for Linux, UNIX and Windows is affected by a vulnerability in IBM Java (CVE-2013-5780)

Abstract An unspecified vulnerability in IBM's JRE related to the Libraries component could allow a remote attacker to obtain sensitive information. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-5780 CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See...

Security Bulletin: Multiple Vulnerabilities in InfoSphere BigInsights due to vulnerabilities in IBM Java JDK Version 6 (CVE-2012-1717, CVE-2012-1718)

Abstract IBM InfoSphere BigInsights makes use of IBM Java Development Kit JDK Version 6. Multiple vulnerabilities have been identified in IBM Java 6, and addressed in IBM Java 6 JDK SR 11. Content VULNERABILITYDETAILS: CVE-2012-1718, CVE-2012-1717 DESCRIPTION: Vulnerabilities in the Java...

Security Bulletin: IBM Tivoli Directory Integrator can be affected by a vulnerability in IBM Java Runtime Environment (CVE-2012-5081)

Abstract The JDK’s TLS implementation may not check the TLS vector length as set out in the Internet Engineering Task Force Request For Comments RFC 5246. The fix enhances the checking for the vector length. Content VULNERABILITY DETAILS: DESCRIPTION: The JDK's TLS implementation may not check th...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21496, CVE-2022-21299)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21496...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo fo...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions including Maximo for Government, Maximo...