Friday, July 1, 2016

IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April 2016. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Business Intelligence. IBM Cognos Business Intelligence has addressed the applicable CVEs. IBM Cognos Business Intelligence has addressed a Tomcat vulnerability. IBM Cognos Business Intelligence has addressed an Apache Xerces-C XML parser Vulnerability. If you are using IBM Cognos TM1, you should also apply IBM Cognos TM1 Security fixes. This will ensure TM1 and Business Intelligence continue to operate as expected. Please see the Related Information section below.

CVE(s): CVE-2015-5174, CVE-2015-5345, CVE-2016-0221, CVE-2016-0346, CVE-2016-0729, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-3427

Affected product(s) and affected version(s):

  • IBM Cognos Business Intelligence Server 10.2.2
  • IBM Cognos Business Intelligence Server 10.2.1.1
  • IBM Cognos Business Intelligence Server 10.2.1
  • IBM Cognos Business Intelligence Server 10.2
  • IBM Cognos Business Intelligence Server 10.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/298BNBf
X-Force Database: http://ift.tt/1rhWylT
X-Force Database: http://ift.tt/1rhWy5x
X-Force Database: http://ift.tt/297OkZm
X-Force Database: http://ift.tt/298BMxe
X-Force Database: http://ift.tt/297OoIU
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1N2N48r



from IBM Product Security Incident Response Team http://ift.tt/297ONuS

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.