Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 affect IBM Content Collector for SAP Applications (CVE-2015-4872, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in October 2015 and January 2016 and include the...

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Rational Performance Tester (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects Rational Performance Tester. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Build Forge (CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7sr9fp10,6sr16fp7 and 5sr16fp13 that is used by IBM Rational Build Forge. These issues were disclosed as part of the IBM Java SDK updates in July and October 2015. Vulnerability Details CVEID: CVE-2015-2625...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2016-0466, CVE-2016-0448, CVE-2015-7575)

Summary There are multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition that affect IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. These issues were disclosed as part of the IBM Java SDK updates in January 2016 an...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM B2B Advanced Communications (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM B2B Advanced Communications. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-4803 CVE-2015-4872 CVE-2015-4893 CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4803 DESCRIPTION: An...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent...

Security Bulletin: Vulnerability in IBM Java Runtime affect IBM WebSphere Appliance Management Center (CVE-2015-7575)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM WebSphere Appliance Management Center. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and in the IBM Java SDK updates in...

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect server products in WebSphere Dynamic Process Edition (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server Full Profile that is shipped as a component of server products in WebSphere Dynamic Process Edition. The IBM HTTP Server used by WebSphere Application Server is not...

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by vulnerabilities CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3513, CVE-2014-6558, CVE-2014-4263, CVE-2014-4244

Summary A SSLv3 contains a vulnerabilityCVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3513 that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is used for Client/Server communication in IBM WebSphere Cast Iron Solution Java security...

SUSE-SU-2018:1692-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent...

SUSE-SU-2018:1690-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Insecure Defaults

Apache Derby is vulnerable to insecure defaults. An attacker can send network packets to a Derby Network Server to maliciously boot a database under their control control. The attack is only possible when the Java Security Manager policy file permits the reading of database locations, which is th...

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

DEBIAN-CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

UBUNTU-CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...