This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April 2016. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Business Intelligence. IBM Cognos Business Intelligence has addressed the applicable CVEs. IBM Cognos Business Intelligence has addressed a Tomcat vulnerability. IBM Cognos Business Intelligence has addressed an Apache Xerces-C XML parser Vulnerability. If you are using IBM Cognos TM1, you should also apply IBM Cognos TM1 Security fixes. This will ensure TM1 and Business Intelligence continue to operate as expected. Please see the Related Information section below.
CVE(s): CVE-2015-5174, CVE-2015-5345, CVE-2016-0221, CVE-2016-0346, CVE-2016-0729, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-3427
Affected product(s) and affected version(s):
- IBM Cognos Business Intelligence Server 10.2.2
- IBM Cognos Business Intelligence Server 10.2.1.1
- IBM Cognos Business Intelligence Server 10.2.1
- IBM Cognos Business Intelligence Server 10.2
- IBM Cognos Business Intelligence Server 10.1.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/298BNBf
X-Force Database: http://ift.tt/1rhWylT
X-Force Database: http://ift.tt/1rhWy5x
X-Force Database: http://ift.tt/297OkZm
X-Force Database: http://ift.tt/298BMxe
X-Force Database: http://ift.tt/297OoIU
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1N2N48r
from IBM Product Security Incident Response Team http://ift.tt/297ONuS
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.