Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in April 2015. In addition, the LogJam Attack on TLS connections usin...

Security Bulletin: Multiple security vulnerabilities have been identified in bundled products shipped with WebSphere Dynamic Process Edition (April 2015)

Summary WebSphere Business Modeler, WebSphere Integration Developer, WebSphere Business Services Fabric, WebSphere Process Server and WebSphere Business Monitor are shipped as components of WebSphere Dynamic Process Edition. Information about security vulnerabilities affecting these products have...

Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect server products in WebSphere Dynamic Process Edition (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server Full Profile that is shipped as a component of server products in WebSphere Dynamic Process Edition. The IBM HTTP Server used by WebSphere Application Server is not...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM...

Security Bulletin: A security vulnerability has been identified in WebSphere MQ Telemetry shipped with WebSphere Remote Server (CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593)

Summary WebSphere MQ Telemetry is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ Telemetry has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin Multiple...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer. (CVE-2014-6457, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Workload Deployer. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository Java 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details To fix the WebSphere Service Registry and...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution (CVE-2014-3566, CVE-2014-6558)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0,16.1 and 7.0.7.1 that is used by WebSphere Cast Iron. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as par...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details The following advisories are included in the IBM® SDK Java™...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere MQ (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068 )

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5.0 SR16-FP6 and earlier, 6 SR16 and earlier and 7 SR7 and earlier that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository October 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Dynamic Process Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Dynamic Process Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability relat...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Lombardi Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to t...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Process Server and IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Support Assistant Team Server July 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Support Assistant Team Server. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details The following two advisories are included in the IBM® SDK Jav...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about the security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the securi...

Security Bulletin: Multiple vulnerabilities in IBM API Management

Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM API Management V2.0 and V3.0. Vulnerability Details CVEID: CVE-2014-0460 DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity...

Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU

Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Vulnerability Details The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released January 2014 critical...