Security Bulletin: Multiple vulnerabilities in IBM Java SDK and in Diffie-Hellman ciphers affects IBM InfoSphere Information Server (CVE-2015-0478 CVE-2015-0488 CVE-2015-1916 CVE-2015-4000)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses the Logjam Attack on TLS connections...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2014-6457, CVE-2014-6558, CVE-2014-3566, CVE-2014-3065, CVE-2014-6468)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as...

Security Bulletin: A vulnerability in the IBM SDK Java™ Technology Edition affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-0411)

Summary A vulnerability affecting both IBM InfoSphere Information Server and IBM InfoSphere Data Click has been identified in relation to the JSSE component. The vulnerability may have partial confidentiality and integrity impacts. Vulnerability Details CVE ID: CVE-2014-0411 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 affect IBM SPSS Collaboration and Deployment Services: (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 that are used by IBM SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2015 and the “FREAK: Factoring Attack on RSA-EXPORT...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DB2 QMF for Workstation (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 8 that are used by IBM DB2 QMF for Workstation. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2015-0488, CVE-2015-0478 and CVE-2015-1916)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Versions 7 Service Refresh 7 Fix Pack 1, 7R1 Service Refresh 1 Fix Pack 1, 6 Service Refresh 16 Fix Pack 1, and earlier releases that are used by various Optim data server tools desktop products. These issues were...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Warehouse, DB2 Warehouse Edition and DB2 Warehouse Edition Tooling. (CVE-2014-6457 and CVE-2014-6558)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.x and JDK v6.x that are used by InfoSphere Warehouse/DB2 Warehouse and Warehouse Tooling. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID:...

Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-3566, CVE-2014-6457)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Versions 6 Service Refresh 16-FP1 and earlier and 7 Service Refresh 7-FP1 and earlier that is used by IBM Cognos TM1. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version7.0 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and in the IBM Java SDK updates in...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM Image Construction and Composition Tool. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS...

Security Bulletin: Multiple vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2015. These may affect some configurations of IBM WebSphere Application Server Full Profil...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer (CVE-2015-0410 and CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 and 7 that are used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 and 7 that are used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in April 2015. In addition, the LogJam Attack on TLS connections usin...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE IDs: CVE-2015-0488 CVE-2015-0478 CVE-2015-0204...