Tuesday, May 2, 2017

IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.6.0. IBM Cognos Analytics has addressed a vulnerability where sensitive information can be revealed in its logs files. Multiple OpenSSL vulnerabilities affect IBM Cognos Analytics. These include OpenSSL vulnerabilities that were disclosed on September 22 and 26, 2016 by the OpenSSL Project as well as the the “SSL Death Alert” vulnerability for OpenSSL. OpenSSL is used by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs. There is a vulnerabilitiy in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM Cognos Analytics. This issue was disclosed as part of the IBM WebSphere Application Server Liberty updates. IBM Cognos Analytics has addressed a vulnerability with Apache Commons FileUpload.

CVE(s): CVE-2016-9985, CVE-2016-8610, CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6303, CVE-2016-6307, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052, CVE-2016-5983, CVE-2016-3092

Affected product(s) and affected version(s):

IBM Cognos Analytics Version 11.0.0.0 to 11.0.5.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2prZwH2
X-Force Database: http://ift.tt/2meHFA7
X-Force Database: http://ift.tt/2hNr07D
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD
X-Force Database: http://ift.tt/2cX6Wuu
X-Force Database: http://ift.tt/2bozrA8

The post IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2ps4CmC
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)