Security Bulletin: A security vulnerability has been identified in IBM HTTP Server used by IBM WebSphere Application Server which is shipped with IBM Workload Deployer (CVE-2015-1283)

Summary IBM WebSphere Application Server is shipped as a component of IBM Workload Deployer. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Denial of service may...

Security Bulletin:A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Workload Deployer (CVE-2015-7450)

Summary IBM WebSphere Application Server Hypervisor Edition is shipped as a deployable component of IBM Workload Deployer. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition has been published in a security...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM Workload Deployer. (CVE-2015-2590, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, and CVE-2015-4000)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange...

Security Bulletin: Vulnerabilities in OpenSSLincluding Logjam affect IBM Workload Deployer. (CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-4000)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Workload Deployer. (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM Workload Deployer. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-2808, CVE-2015-1916, CVE-2015-0204, and CVE-2015-0138)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition Version 6 that is used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: “Factoring Attack on RSA-EXPORT keys" SSL/TLS...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer (CVE-2015-0410 and CVE-2014-6593)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 and 7 that are used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerabilities in OpenSSL affects IBM Workload Deployer (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL could allow a remote attacker to execute...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Workload Deployer (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Workload Deployer. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Hypervisor Edition shipped with IBM Workload Deployer (CVE-2015-0138)

Summary IBM WebSphere Application Server is shipped as a component of IBM Workload Deployer. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin: Vulnerability...

Security Bulletin: Vulnerability in SSLv3 affects IBM Workload Deployer (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Workload Deployer. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)

Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM Workload Deployer. IBM Workload Deployer has addressed the applicable CVEs and included the SSL 3.0 Fallback protection...

Security Bulletin: Log viewer vulnerability affects IBM Workload Deployer (CVE-2014-6190)

Summary Log viewer vulnerability affects IBM Workload Deployer. Vulnerability Details CVEID:CVE-2014-6190 DESCRIPTION: Defined system users without proper permissions can access the log viewer functionality by entering the log page URLs in their browser. CVSS Base Score: 5.0 CVSS Temporal Score:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer. (CVE-2014-6457, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Workload Deployer. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java...

Security Bulletin: File path traversal vulnerabilities affect IBM Workload Deployer (CVE-2014-6158)

Summary File upload functionality within IBM Workload Deployer might lead to server compromise and Denial of Service DoS. Vulnerability Details CVEID: CVE-2014-6158 DESCRIPTION: IBM PureApplication System’s file upload functions might lead to server compromise and DoS when authorized users create...

Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM Workload Deployer.

Summary Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM Workload Deployer using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems...

Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash is available in Red Hat Linux virtual machine images that can be deployed by using IBM Workload Deployer. Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory...

Security Bulletin: IBM Workload Deployer - Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on Linux machine

Summary Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on a Linux machine. This affects virtual machines deployed by IBM Workload Deployer using the IBM OS Image for RedHat Linux version 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4 and...

CA Workload Automation AE SQL Injection Vulnerability

CA Workload Automation AE is a workload automation tool from CA. CA Workload Automation AE suffers from a SQL injection vulnerability. A remote attacker could exploit this vulnerability via a specially crafted HTTP request to conduct a SQL injection attack...

CA Workload Control Center Arbitrary Code Execution Vulnerability

CA Workload Control Center is the GUI for CA Workload Automation AE. An arbitrary code execution vulnerability exists in CA Workload Control Center. A remote attacker could exploit this vulnerability to execute arbitrary code via a specially crafted HTTP request...