Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-0410, CVE-2015-0400, CVE-2014-6593 and CVE-2015-0138 )

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR7 FP1 and Version 6 SR16 FP1 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factorin...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software (CVE-2015-0138, CVE-2015-0410, CVE-2015-0400, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that are used by Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software. These issues were disclosed as part of the IBM Java SDK updates in...

Security Bulletin: node-uuid unsafe fallback to Math.random affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux (CVE-2015-8851)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. A vulnerability in the node-uuid module causes the module to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-0264 DESCRIPTION: A buffer overflow...

Security Bulletin: IBM Java Quarterly CPU - April 2014 affecting Rational Business Developer (CVE-2014-0453)

Summary IBM SDK, which is based on an Oracle Java Development Kit JDK, is shipped with Rational Business Developer. Oracle has released the April 2014 critical patch updates CPU that contain security vulnerability fixes for the JDK. The IBM SDK has been updated to incorporate these fixes and...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed by the OpenSSL Project...

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, coul...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on June 11, 2015 by the...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational Business Developer (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" Attach for SSL/TLS affects IBM Rational Business Developer. Vulnerability Details CVE-ID: CVE-2015-2808 Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

Security Bulletin: IBM Java Quarterly CPU - October 2014 affecting Rational Business Developer (CVE-2014-6457,CVE-2014-3065 and CVE-2014-3566)

Summary IBM SDK, which is based on an Oracle Java Development Kit JDK, is shipped with Rational Business Developer. Oracle has released the October 2014 critical patch updates CPU that contains security vulnerability fixes for the JDK. The IBM SDK has been updated to incorporate these fixes and...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Developer for i and Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in April 2017 CVE-2017-3511, CVE-2017-3539 and July...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in Apr and Jul 2017. Vulnerability Details CVEID: CVE-2017-10243 DESCRIPTION: Microsoft Office...

Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Business Developer (CVE-2014-0114)

Summary WebSphere Application Server Test Environment WAS TE from IBM Rational Application Developer for WebSphere Software is shipped with Rational Business Developer. The WAS TE is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerabilit...

Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Developer for Power Systems Software, Rational Developer for AIX and Linux, Rational Developer for i, (CVE-2014-0114)

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for Power Systems Software, Rational Developer for i, and Rational Developer for AIX and Linux. Information about a security vulnerability affecting Rational Application...

Security Bulletin: ClassLoader manipulation with Apache Struts in Rational Application Developer affecting Rational Business Developer (CVE-2014-0114)

Summary The Struts tool of IBM Rational Application Developer is shipped as a component of Rational Business Developer. The Struts tool is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer h...

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. OpenSSL vulnerabilities were disclosed on March 1, 2016 by the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software CVE-2015-7575, CVE-2016-0466, CVE-2016-0475, CVE-2016-0448. These...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-7575, CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabili...