There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 that is used by WebSphere Application Server shipped with IBM SmartCloud Provisioning. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects.
CVE(s): CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/291a1IQ
X-Force Database: http://ift.tt/1QESqqY
X-Force Database: http://ift.tt/2919wPf
X-Force Database: http://ift.tt/1SAJRtw
X-Force Database: http://ift.tt/1NzQBex
X-Force Database: http://ift.tt/1SAJTSm
X-Force Database: http://ift.tt/1NzQE9X
| Principal Product | Affected Supporting Product Version |
| IBM SmartCloud Provisioning V2.1,V 2.1.0.1, V2.1.0.2, V2.1.0.3, V2.1.0.5, V2.1.0.5 from Interim Fix 1 to Interim Fix3 | IBM WebSphere Application Server V8.0 |
| IBM SmartCloud Provisioning V2.3, V2.3.0.1 and V2.3.0.1 from Interim Fix 1 to Interim Fix 7 | IBM WebSphere Application Server V8.0.0.1 thorugh V8.0.1.11 |
from IBM Product Security Incident Response Team http://ift.tt/29kAUWW
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.