IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.

CVE(s): CVE-2017-10125, CVE-2017-10067, CVE-2017-10115, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10116, CVE-2017-10102, CVE-2017-10087, CVE-2017-10089, CVE-2017-10107, CVE-2017-10110, CVE-2017-1376, CVE-2017-10105, CVE-2017-10053, CVE-2017-10108, CVE-2017-10109, CVE-2017-10243

Affected product(s) and affected version(s):

The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:

-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2017-10102, CVE-2017-10116, CVE-2017-10115, CVE-2017-10243)
-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix pack 1 through 6.3.0 Fix Pack 7 (All CVE’s listed)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xz64VO
X-Force Database: http://ift.tt/2vfEyLU
X-Force Database: http://ift.tt/2x4YZ1U
X-Force Database: http://ift.tt/2xsr7ZC
X-Force Database: http://ift.tt/2x52Goj
X-Force Database: http://ift.tt/2x4LWxw
X-Force Database: http://ift.tt/2x4P6Bt
X-Force Database: http://ift.tt/2wyaY8O
X-Force Database: http://ift.tt/2veVuCa
X-Force Database: http://ift.tt/2x52GEP
X-Force Database: http://ift.tt/2vEW7Fc
X-Force Database: http://ift.tt/2vECPQw
X-Force Database: http://ift.tt/2x4P64r
X-Force Database: http://ift.tt/2vfk1Hi
X-Force Database: http://ift.tt/2x588Yf
X-Force Database: http://ift.tt/2wEhie8
X-Force Database: http://ift.tt/2vff6pW
X-Force Database: http://ift.tt/2vEvu3j
X-Force Database: http://ift.tt/2vQ1oZY

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2A10Fby