Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597)

Summary There is a vulnerability in the IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. This issue was disclosed as part of the IBM Java SDK updates in July 2016 and October 2016. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect Decision Optimization Center (CVE-2016-3598)

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run your own Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Streams (CVE-2016-0466, CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases. If you run your own Jav...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Decision Optimization Center

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVE IDs: CVE-2016-3443, CVE-2016-0687, CVE-2016-0686,...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Decision Optimization Center (CVE-2016-0603)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. SDK installation executables on the Windows platform are affected by this vulnerability. Vulnerability Details CVE-ID: CVE-2016-0603 Description: IBM Java JRE/SDK cou...

Security Bulletin: "SLOTH" vulnerability in IBM Java SDK affects InfoSphere Streams (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Versions 7R1 Service Refresh 3 Fix Pack 1 and earlier releases and Version 8 Service Refresh 1 Fix Pack 1 and earlier releases that is used by IBM® InfoSphere Streams. This vulnerability, commonly referred to as SLOTH, was...

Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2015-4872)

Summary IBM Java SDK is shipped as a component of IBM Data Studio, InfoSphere Data Architect, InfoSphere Optim Query Workload Tuner for Linux, UNIX and Windows, and InfoSphere Optim Query Workload Tuner for z/OS. Information about a security vulnerability affecting IBM Java SDK has been published...

Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)

Summary SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2016-0475 CVE-2016-0466 CVE-2015-7575 CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 and 7.0 that is used by DB2 LUW. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The T...

Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM DB2 Recovery Expert for Linux, UNIX, and Windows (CVE-2015-4872)

Summary IBM Java SDK is shipped as a component of IBM DB2 Recovery Expert for Linux, UNIX, and Windows . Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Decision Optimization Center

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...

Security Bulletin: A potential vulnerability in IBM Java SDK affect InfoSphere Streams (CVE-2015-4872)

Summary There is a potential vulnerability in IBM® SDK Java™ Technology Edition, Versions 6 SR16 FP4, 7R1 SR3 and 8 SR1 that are used by InfoSphere Streams. This issue was disclosed as part of the IBM Java SDK updates in Oct 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-4803 CVE-2015-4872 CVE-2015-4893 CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4803 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-2625, CVE-2015-1931, CVE-2015-2613, CVE-2015-2601)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version Version 6 Service Refresh 16 Fix Pack 5, IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 1, IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 1 that are used by I...

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Statistics (CVE-2015-4000)

Summary TLS connections using Diffie-Hellman DH key exchange protocol, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Statistics. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-0138, CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0.15, 7.1.2, 7.0.8 that is used by IBM SPSS Modeler. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-4000, CVE-2015-0478, CVE-2015-0488)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3, IBM SDK Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10, and IBM SDK Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 that are used by IBM SPS...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808, CVE-2015-4000)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7 that are used by IBM SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in April 2015 and IBM Java SDK update addressing TLS protocol...

Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Analytic Server (CVE-2015-4000)

Summary Vulnerabilities in SSL/TLS protocol during key exchange phase using Diffie-Hellman DH ciphersuite, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacke...