Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2015-7440, CVE-2015-7453)

Summary Jazz Reporting Service is shipped as a component of Rational Insight. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin: Multiple security...

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)

Summary Jazz Reporting Service is shipped as a component of Rational Insight. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security Bulletin: Multiple security...

Security Bulletin: Multiple vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2015-7464, CVE-2015-7467, CVE-2015-7468, CVE-2015-7469, CVE-2015-7470)

Summary Jazz Reporting Service is shipped as a component of Rational Insight. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin Multiple security vulnerabilities affec...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and October 2015, and include the vulnerability commonly referred to as “SLOTH”. Vulnerabili...

Security Bulletin: Vulnerability in Apache Commons affects Rational Insight (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4748, CVE-2015-4749)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-4748 DESCRIPTION: An unspecified vulnerability related t...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Insight (CVE-2015-4000, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs...

Security Bulletin: A security vulnerability in Apache Tomcat affects Rational Insight (CVE-2014-0230)

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing...

Security Bulletin: Vulnerability in Diffie-Hellman cipher affects Rational Insight (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2015-0488, CVE-2015-0138, CVE-2015-0204)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring Attack on RSA-EXPORT keys" SSL/TLS vulnerabilit...

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an erro...

Security Bulletin: A security vulnerability in Apache Tomcat affects Rational Insight (CVE-2014-0227)

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling. A remote...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-0138, CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL clien...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Insight (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacke...

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Insight (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations...

Security Bulletin: Some security vulnerabilities have been identified in Jazz Team Server shipped with Rational Insight (CVE-2014-6131, CVE-2014-6129)

Summary Jazz Team Server is shipped as a component of Rational Insight, in the areas of Data Collection Component and Jazz Reporting Service.. Information about security vulnerabilities affecting Jazz Team Server have been published in a security bulletin. Vulnerability Details Please consult the...

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Insight. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java SDK...

Security Bulletin: Rational Insight - OpenSSL support for SSL 3.0 Fallback protection + 3 other CVEs

Summary Some security vulnerability exist in the OpenSSL library that is shipped with the Rational Report Server of the Rational Insight. Vulnerability Details Security vulnerabilities have been discovered and reported in the OpenSSL library. CVE-ID: CVE-2014-3513 DESCRIPTION: OpenSSL is vulnerab...

Security Bulletin: Rational Insight - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)

Summary A security vulnerability exists in the Jazz Reporting Service JRS that is shipped with Rational Insight. Vulnerability Details Security vulnerabilities have been discovered and reported in Jazz Reporting Service. CVEID: CVE-2014-6115 Description: A Jazz Reporting Service JRS report URL ca...