Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM® SDK Java™ Technology Edition, Version 6.0.16.2, that is supplied with specific versions of Rational Lifecycle Integration Adapter for HP ALM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION:The RC4 algorithm, as used in the TLS...

Security Bulletin: Vulnerability in IBM Java SDK affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 6.0.16.2, that is used by Rational Lifecycle Integration Adapter for HP ALM. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect RequisitePro (CVE-2014-3566 and CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, versions 1.5, 1.6 and 1.7 which are used by IBM Rational RequisitePro. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID: CVE-2014-3566 Description: Product...

Security Bulletin: A security vulnerability has been identified in IBM SDK, Java Technology Edition bundled product shipped with Rational Asset Manager (CVE-2014-2421, CVE-2014-1876)

Summary IBM SDK, Java Technology Edition is shipped as a component of IBM Rational Asset Manager. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in a security bulletin. Vulnerability Details | Subscribe to My Notifications to be notified o...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

Summary IBM SDK, Java Technology Edition is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM SDK, Java Technology Edition has been published in a security...

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM i2 Intelligence Analysis Platform (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of the IBM WebSphere Application Server used with the IBM i2 Intelligence Analysis Platform. The IBM HTTP Server used by IBM i2 Intelligence Analysis Platform is not affected. Vulnerability Details...

Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Tivoli Security Policy Manager

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Please consult the security...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in January 2018 Vulnerability Details If you run your own Java code using the...

Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Summary Db2 is affected by vulnerabilities in IBM® JDK. This only affects customers using Integrated Text Search. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim ...

Security Bulletin: Security vulnerabilities have been identified in SSL/TLS with InfoSphere Optim Query Workload Tuner [for LUW, z/OS] (CVE-2017-10115 CVE-2017-10116)

Summary SSL/TLS are used in InfoSphere Optim Query Workload Tuner for LUW, z/OS. Information about security vulnerabilities affecting SSL/TLS have been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability related to the Java SE JC...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM InfoSphere Discovery. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION...

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition™ affect IBM InfoSphere Information Server (CVE-2013-5802, CVE-2013-5823, CVE-2013-5825, CVE-2013-5780, CVE-2013-5803 and CVE-2013-5372)

Summary IBM Information Server is impacted by security vulnerabilities in IBM SDK, Java Technology Edition™ that affect availability and confidentiality. Vulnerability Details CVE ID: CVE-2013-5802 DESCRIPTION: An unspecified vulnerability related to the JAXP component has partial confidentiality...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details If you run your own Java code using the I...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568)

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details If you run your own Java code using the...

Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)

Summary The IBM® Runtime Environment Java™ Technology Edition, Version 1.7, that is used by IBM SPSS Analytic Server, contains an unspecified vulnerability related to the JMX component. The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2016-0466, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS. These issues were disclosed as part of the IBM Java SDK...

Security Bulletin: Vulnerability in RC4 stream cipher affects various Optim data server tools desktop products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects various Optim data server tools desktop products. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBMｮ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console DSWC. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVE-ID: CVE-2014-6593...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6558, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Versions 7 Service Refresh 7 Fix Pack 1, 7R1 Service Refresh 1 Fix Pack 1, 6 Service Refresh 16 Fix Pack 1, and earlier releases that are used by various Optim data server tools desktop products. These issues were...

Security Bulletin: IBM Cognos Metrics Manager 2018 Q1 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM...