Security Bulletin: IBM InfoSphere Streams update of IBM® SDK Java™ Technology Edition (CVE-2016-0363, CVE-2016-0376)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases provided with IBM...

Security Bulletin:Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM DB2 Recovery Expert for Linux, UNIX and Windows . Information about these vulnerabilities affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-040...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2016-0466, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS. These issues were disclosed as part of the IBM Java SDK...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 affect IBM SPSS Collaboration and Deployment Services: (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 that are used by IBM SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2015 and the “FREAK: Factoring Attack on RSA-EXPORT...

Security Bulletin: Vulnerability in RC4 stream cipher in IBM SDK Java Technology Edition, Versions 1.6 and 1.7 affects IBM SPSS Collaboration and Deployment Services (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM SPSS Collaboration and Deployment Services. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7, that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...

Security Bulletin: Multiple vulnerabilities affect IBM InfoSphere Information Server (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593 CVE-2015-0138 CVE-2015-2808)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...

Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU Vulnerabilities IBM Algorithmics Algo Risk Application (CVE-2016-5597)

Summary A flaw exists in the HttpURLConnection and HttpsURLConnection implementations when connecting via a proxy, which allows a man-in-the-middle attacker to access proxy username and password information. The fix corrects the flaw. Vulnerability Details CVE-2016-5597 Original release date:...

Security Bulletin: Multiple Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2016 - Includes Oracle Jan 2016 CPU + 3 IBM CVEs affects IBM Algo One - Core, Algo Risk Application, and Counterparty Credit Risk

Summary Java SE issues disclosed in the Oracle January 2016 Critical Path Update. Affects Algo One - Core, Algo Risk Application, and Counterparty Credit Risk. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java affect IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus

Summary WebSphere Application Server is shipped as a component of WebSphere Enterprise Service Bus. Information about the security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin Vulnerability Details Please consult the security bulletin WebSphere...

Security Bulletin:Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2017 CPU

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2017. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in Bluemix

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM API Connect (CVE-2016-5597)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 that is used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5597 DESCRIPTION: An...

Security Bulletin: IBM Integration Designer and WebSphere Integration Developer update of IBM® SDK Java™ Technology Edition

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM Integration Designer and WebSphere Integration Developer. These issues were disclosed in the IBM Java SDK updates in July 2016. IBM Integration Designer and WebSphere Integration Develope...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-4872)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition Version 6 that is used by IBM Workload Deployer. The issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability related to the...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events:

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM, IBM ILOG JRules and IBM WebSphere Business Events WBE. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-0483, CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

Summary WebSphere Application Server WAS is shipped as a component of IBM Business Process Manager BPM and WebSphere Lombardi Edition WLE. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins. There are multiple vulnerabilities...

Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle January 2016 Critical Patch Update, plus three additional vulnerabilities. Vulnerability Details CVE IDs: CVE-2016-0494 CVE-2016-0483 CVE-2015-8126 CVE-2015-8472 CVE-2016-0475 CVE-2016-0466 CVE-2016-0402 CVE-2015-7575 CVE-2016-0448 CVE-2015-8540...