Security Bulletin: January 2015 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u31 and 7u75 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover including arbitrary code execution, a partial denial o...
Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u25, 7u72 and 6u85 are susceptible to multiple vulnerabilities. Vulnerability Details CVEID: CVE-2014-6558 DESCRIPTION: An unspecified vulnerability related to the Security...
Security Bulletin: Vulnerability with Diffie-Hellman ciphers affects IBM Tivoli Netcool Service Quality Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Netcool Service Quality Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Netcool Service Quality Manager (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Tivoli Netcool Service Quality Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker coul...
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM JRE and Tivoli Directory Server
Summary Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM Java Runtime Environment Java Technology Edition, Version 5.0 and the IBM Tivoli Directory Server Vulnerability Details CVE-ID: CVE-2014-3065 DESCRIPTION: IBM Java SDK contains a vulnerability in which th...
Determining which CVE fixes are included in a JRE
Question IBM Security Bulletins list CVEs that must be applied to the JRE that RPT scripts use to run tests. How can you determine whether a specific JRE version includes a particular CVE? Answer IBM Security Bulletins list Common Vulnerabilities and Exposures CVE that must be fixed in the T6...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime Environment (JRE) affect the FileNet Content Manager, IBM Content Foundation and FileNet BPM products (CVE-2015-4872, CVE-2015-5006, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803)
Summary There are multiple vulnerabilities in the IBM Runtime Environment Java Technology Edition used by the FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager products. These issues are addressed in Version 1.6.0 SR16 FP15, Version 1.7.0 SR9 FP20, and Java 1.8....
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542)
Summary There are multiple vulnerabilities in IBM® Runtime Environment that are used by IBM Rational Directory Server Tivoli and IBM Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in October 2016. New product iFixes do not include the JRE. Instal...
Security Bulletin: Rational Service Tester vulnerabilities due to security vulnerabilities in IBM JRE 1.5, 1.6 and 1.7 (CVE-2014-0411, CVE-2014-0453)
Summary A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Service Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Service Tester version 8.6. Vulnerability...
Security Bulletin: Vulnerabilities in Rational Software Architect Design Manager, Rhapsody Design Manager (CVE-2012-5081, CVE-2013-0440, CVE-2013-0443)
Summary Multiple vulnerabilities in the IBM Java Runtime Environment affect the Jazz Team Server that is shipped with IBM Rational Software Architect Design Manager and IBM Rational Rhapsody Design Manager. Vulnerability Details
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH...
Security Bulletin: IBM QRadar SIEM can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment. (CVE-2015-0478, CVE-2015-0488, CVE-2015-1916, CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)
Summary Several previously released versions of IBM QRadar SIEM, and IBM QRadar Incident Forensics are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. Vulnerability Details CVE-ID: CVE-2015-0478 Description: An unspecified vulnerability in...
Security Bulletin: IBM QRadar SIEM and IBM QRadar Risk Manager can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment (CVE-2015-0138, CVE-2015-0410, CVE-2015-0400, CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM QRadar SIEM, and IBM QRadar Risk Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack...
Security Bulletin: Potential Security Vulnerabilities in Oracle Java 6 SDK affecting IBM WebSphere Multichannel Bank Transformation Toolkit version 8
Summary IBM WebSphere Multichannel Bank Transformation Toolkit version 8.x has a potential security exposure due to vulnerabilities in the Oracle Java 6 SDK that allow remote attackers to affect confidentiality, integrity and availability of the Java platform via various vectors. It happens only ...
Security Bulletin: Multiple vulnerabilities in Java Runtime Environment affects IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2015-0204, CVE-2015-0138, CVE-2015-2808, CVE-2015-0460, CVE-2015-470)
Summary Various vulnerabilities in the Java Runtime Environment could affect IBM DB2 Recovery Expert for Linux, UNIX and Windows. Vulnerability Details CVEID: CVE-2015-0204 DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the securit...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.7.0. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8. These issues were disclosed as part of the IBM Java SDK updates in July 2016, October 2016, January 201...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses RC4 Bar Mitzvah Attack for...
Security Bulletin: IBM Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)
Summary A number of security vulnerabilities exist in the IBM Cognos Business Intelligence product. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-3030 Denial of service attack against servlet gateway DESCRIPTION: A malicious user may send specially crafted HTTP requests to the I...
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
Summary This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...