Security Bulletin: Man In The Middle Attack Vulnerability Affecting Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software (CVE-2014-0411)
Summary The version of the Java Runtime Environment shipped with certain versions of Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software has security vulnerabilities which affect these products. Vulnerability Details | Subscribe to My...
java security update
CentOS Errata and Security Advisory CESA-2018:2241 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Security Bulletin: IBM Cognos Metrics Manager 2018 Q2 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. IBM Cognos Metrics Manager consumes OpenSSL. Multiple vulnerabilities have been addressed in OpenSSL. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in April 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3539 DESCRIPTIO...
Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager (FSM) Storage Management Install Anywhere (SMIA)
Summary There are multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager FSM Storage Management Install Anywhere SMIA configuration tool. These issues were disclosed as part of the Java updates from July 2015, October 2015, January 2016 a...
Security Bulletin: January 2015 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u31 and 7u75 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover including arbitrary code execution, a partial denial o...
Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Java Runtime Environment JRE software libraries. JRE versions up to 8u25, 7u72 and 6u85 are susceptible to multiple vulnerabilities. Vulnerability Details CVEID: CVE-2014-6558 DESCRIPTION: An unspecified vulnerability related to the Security...
Security Bulletin: Vulnerability with Diffie-Hellman ciphers affects IBM Tivoli Netcool Service Quality Manager (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Tivoli Netcool Service Quality Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Netcool Service Quality Manager (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Tivoli Netcool Service Quality Manager. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker coul...
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM JRE and Tivoli Directory Server
Summary Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM Java Runtime Environment Java Technology Edition, Version 5.0 and the IBM Tivoli Directory Server Vulnerability Details CVE-ID: CVE-2014-3065 DESCRIPTION: IBM Java SDK contains a vulnerability in which th...
Determining which CVE fixes are included in a JRE
Question IBM Security Bulletins list CVEs that must be applied to the JRE that RPT scripts use to run tests. How can you determine whether a specific JRE version includes a particular CVE? Answer IBM Security Bulletins list Common Vulnerabilities and Exposures CVE that must be fixed in the T6...
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime Environment (JRE) affect the FileNet Content Manager, IBM Content Foundation and FileNet BPM products (CVE-2015-4872, CVE-2015-5006, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803)
Summary There are multiple vulnerabilities in the IBM Runtime Environment Java Technology Edition used by the FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager products. These issues are addressed in Version 1.6.0 SR16 FP15, Version 1.7.0 SR9 FP20, and Java 1.8....
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects FileNet Content Manager, IBM Content Foundation and FileNet Business Process Manager. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542)
Summary There are multiple vulnerabilities in IBM® Runtime Environment that are used by IBM Rational Directory Server Tivoli and IBM Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in October 2016. New product iFixes do not include the JRE. Instal...
Security Bulletin: Rational Service Tester vulnerabilities due to security vulnerabilities in IBM JRE 1.5, 1.6 and 1.7 (CVE-2014-0411, CVE-2014-0453)
Summary A potential security vulnerability exists in the IBM Java Runtime Environment component of IBM Rational Service Tester related to the use of SSL/TLS. Patches for these vulnerabilities are available in IBM JRE 7 iFixes provided with IBM Rational Service Tester version 8.6. Vulnerability...
Security Bulletin: Vulnerabilities in Rational Software Architect Design Manager, Rhapsody Design Manager (CVE-2012-5081, CVE-2013-0440, CVE-2013-0443)
Summary Multiple vulnerabilities in the IBM Java Runtime Environment affect the Jazz Team Server that is shipped with IBM Rational Software Architect Design Manager and IBM Rational Rhapsody Design Manager. Vulnerability Details | Subscribe to My Notifications to be notified of important product...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH...
Security Bulletin: IBM QRadar SIEM can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment. (CVE-2015-0478, CVE-2015-0488, CVE-2015-1916, CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)
Summary Several previously released versions of IBM QRadar SIEM, and IBM QRadar Incident Forensics are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7. Vulnerability Details CVE-ID: CVE-2015-0478 Description: An unspecified vulnerability in...
Security Bulletin: IBM QRadar SIEM and IBM QRadar Risk Manager can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment (CVE-2015-0138, CVE-2015-0410, CVE-2015-0400, CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM QRadar SIEM, and IBM QRadar Risk Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack...
Security Bulletin: Potential Security Vulnerabilities in Oracle Java 6 SDK affecting IBM WebSphere Multichannel Bank Transformation Toolkit version 8
Summary IBM WebSphere Multichannel Bank Transformation Toolkit version 8.x has a potential security exposure due to vulnerabilities in the Oracle Java 6 SDK that allow remote attackers to affect confidentiality, integrity and availability of the Java platform via various vectors. It happens only ...