Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Summary IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments may be affected by the below IBM Java and IBM WebSphere Application Server Liberty vulnerabilities CVEs. Vulnerability Details CVEID:CVE-2022-22476...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM App Connect Enterprise and IBM Integration Bus

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 includes Oracle April 2022 CPU. The fix includes IBM Jav...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2022-21299)

Summary There is a vulnerability in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: IBM Tivoli Directory Integrator can be affected by vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity...

Security Bulletin: Multiple vulnerabilities in InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443)

Abstract IBM InfoSphere Optim Performance Manager uses the IBM Java Runtime Environment JRE and might be affected by vulnerabilities in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: An unspecified vulnerability in Oracle Java within the JSSE component could allow ...

Security Bulletin: IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by three vulnerabilities in the Websphere IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity...

Security Bulletin: Vulnerability in SSLv3 affects IBM Data Studio Web Console (CVE-2014-3566)

Abstract SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Data Studio Web Console. Content Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : IBM Data Studio Web Console could allow a remo...

Security Bulletin: Multiple vulnerabilities in IBM Rational Policy Tester (CVE-2013-0531, CVE-2013-0440, CVE-2013-4062, CVE-2013-4061, CVE-2013-2407)

Abstract Previous releases of IBM Rational Policy Tester are affected by multiple vulnerabilities reported in 3rd party components bundled with the product as well as in proprietary IBM code. These vulnerabilities include Java components, weak cipher suites, invalid certificate warnings and URL...

Security Bulletin: InfoSphere Optim Performance Manager affected by vulnerability in IBM JAVA JRE (CVE-2013-0169)

Abstract IBM InfoSphere Optim Performance Manager uses the IBM Java Runtime Environment JRE and is affected by a vulnerability in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0169 DESCRIPTION: The TLS protocol does not properly consider timing side-channel attacks, which allows...

Security Bulletin: IBM Tivoli Directory Integrator can be affected by a vulnerability in IBM Java Runtime Environment (CVE-2012-5081)

Abstract The JDK’s TLS implementation may not check the TLS vector length as set out in the Internet Engineering Task Force Request For Comments RFC 5246. The fix enhances the checking for the vector length. Content VULNERABILITY DETAILS: DESCRIPTION: The JDK's TLS implementation may not check th...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21496, CVE-2022-21299)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21496...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...

Security Bulletin: CVE-2019-4732 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version could allo...

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofin...

Security Bulletin: Vulnerability in IBM Java Runtime(CVE-2021-35603) affects DB2 Recovery Expert for Linux, Unix and Windows

Summary An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in IBM Java Runtime affects Tivoli Storage Productivity Center (CVE-2015-2590)

Summary Vulnerability CVE-2015-2590 exists in IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.5 and earlier that is shipped with Tivoli Storage Productivity Center for download and use with its Java WebStart GUI. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: An...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Service Tester (CVE-2021-35550)

Summary A vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase ( CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299 )

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. Vulnerability Details CVEID:CVE-2021-35578 DESCRIPTION: An unspecifi...

WebSphere Application Server and IBM HTTP Server Security Bulletin List

Question Is there a list that contains the security bulletins that apply to WebSphere Application Server and IBM HTTP Server? Answer The following table is provided to help you locate WebSphere Application Server and IBM HTTP Server security bulletins. These are listed numerically by CVE number n...