Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2016 - Includes Oracle Jul 2016 CPU (CVE-2016-3485)

Summary An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact. Vulnerability Details CVEID: CVE-2016-3485 DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality...

Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition for AIX (CVE-2016-0466, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6, 7, 8 that are used by IBM Transformation Extender Hypervisor Edition for AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition (CVE-2016-0466, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6, 7, 8 that are used by IBM Transformation Extender Hypervisor Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonl...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.55 and earlier, 6.1.8.55 and earlier, 7.0.10.15 and earlier, 7.1.4.15 and earlier, 8.0.5.7 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in January 2018...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in January 2018 Vulnerability Details If you run your own Java code using the...

Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Summary Db2 is affected by vulnerabilities in IBM® JDK. This only affects customers using Integrated Text Search. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim ...

Security Bulletin: Security vulnerabilities have been identified in SSL/TLS with InfoSphere Optim Query Workload Tuner [for LUW, z/OS] (CVE-2017-10115 CVE-2017-10116)

Summary SSL/TLS are used in InfoSphere Optim Query Workload Tuner for LUW, z/OS. Information about security vulnerabilities affecting SSL/TLS have been published in a security bulletin. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability related to the Java SE JC...

Security Bulletin: InfoSphere Replication Dashboard is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2014-4263)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7.1.1.0 that is used by InfoSphere Replication Dashboard. These issues were disclosed as part of the IBM Java SDK updates in July 2014. IBM InfoSphere Replication Dashboard is affected by a sing...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM InfoSphere Discovery. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION...

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition™ affect IBM InfoSphere Information Server (CVE-2013-5802, CVE-2013-5823, CVE-2013-5825, CVE-2013-5780, CVE-2013-5803 and CVE-2013-5372)

Summary IBM Information Server is impacted by security vulnerabilities in IBM SDK, Java Technology Edition™ that affect availability and confidentiality. Vulnerability Details CVE ID: CVE-2013-5802 DESCRIPTION: An unspecified vulnerability related to the JAXP component has partial confidentiality...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details If you run your own Java code using the I...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568)

Summary There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details If you run your own Java code using the...

Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)

Summary The IBM® Runtime Environment Java™ Technology Edition, Version 1.7, that is used by IBM SPSS Analytic Server, contains an unspecified vulnerability related to the JMX component. The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors...

Security Bulletin: IBM InfoSphere Streams update of IBM® SDK Java™ Technology Edition (CVE-2016-0363, CVE-2016-0376)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases provided with IBM...

Security Bulletin:Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM DB2 Recovery Expert for Linux, UNIX and Windows . Information about these vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-040...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2016-0466, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS. These issues were disclosed as part of the IBM Java SDK...

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7, that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DB2 Recovery Expert for Linux, UNIX, and Windows Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, cause...

Security Bulletin: Vulnerability in RC4 stream cipher affects various Optim data server tools desktop products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects various Optim data server tools desktop products. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBMｮ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console DSWC. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVE-ID: CVE-2014-6593...