Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-12617 DESCRIPTION...

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is vulnerable to a denial of...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Reporting for Development Intelligence

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence RRDI. The issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Vulnerability Details CVEID: CVE-2016-5597...

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence

Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remot...

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735)

Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-6816 DESCRIPTION: Apache Tomcat is vulnerable to HT...

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2016-5898, CVE-2016-5899, CVE-2016-6054)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin...

Security Bulletin: A security vulnerability has been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2016-3092)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about a security vulnerability affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin Security...

Security Bulletin: A vulnerability in IBM Java SDK affects Rational Reporting for Development Intelligence (CVE-2016-3427)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence RRDI. The issue was disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An unspecified...

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin...

Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2015-7440, CVE-2015-7453)

Summary Jazz Reporting Service is shipped as a component of Rational Reporting for Development Intelligence RRDI. Information about multiple security vulnerabilities affecting Jazz Reporting Service has been published in a security bulletin. Vulnerability Details Consult the security bulletin...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by Rational Reporting for Development Intelligence RRDI. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and October 2015, and include the vulnerability commonly...

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence RRDI. RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0, which is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2017. These vulnerabilities could affect the negotiation and use of certa...

Security Bulletin: IBM Development Package for Apache Spark might create a remote exploitation vector against old Internet Explorer browsers through XSS

Summary IBM Development Package for Apache Spark addresses the following vulnerability. The vulnerability is a potential cross-site scripting XSS attack on a Web UI client; server-side analytical processing by Apache Spark is not affected and data is not compromised. Vulnerability Details CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM® Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in April 2017. IBM Development Package for Apache Spark is providing an IBM Java SD...

Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970)

Summary The developerWorks download for IBM Development Package for Apache Spark is not vulnerable in its default configuration. However, IBM Development Package for Apache Spark could be vulnerable to a Denial of Service attack if the 'netty-tcnative' component is added and configured onto the...

Security Bulletin: Vulnerability in dependent component distributed in IBM Development Package for Apache Spark (CVE-2015-1832)

Summary Apache Derby versions up to 10.12.1.1 may be susceptible to an XML external entity XXE attack. Hive's metastore, where created, requires Derby when Apache Hadoop data sources are used with Apache Spark. Apache Derby is therefore included in the IBM Development Package for Apache Spark...

Security Bulletin: Vulnerability in legacy component distributed in IBM Development Package for Apache Spark (CVE-2012-5783)

Summary The Jakarta Commons httpclient version 3.x is known to be vulnerable to SSL spoofing, and is included in the IBM Development Package for Apache Spark, primarily to provide legacy support for Hadoop 2.2. A patch is applied to Jakarta Commons httpclient version 3.1 to fix the vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)

Summary Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system. Vulnerability Details CVEID: CVE-2015-3253 DESCRIPTION: Apache Groovy could allow a remote attacker to run arbitrary, untrusted code on the system. This issue is caused by the failure to isolate...