OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs
CVE(s): CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
Affected product(s) and affected version(s):
TWS uses OpenSSL only for secure communication between internal processes.
For Tivoli Workload Scheduler Distributed, TWS nodes are impacted by OpenSSL security exposures only if the TWS workstation has been defined with “securitylevel” set to on or enabled or force.
These security exposures do not apply to the embedded WebSphere Application Server but only to programs installed under <TWS home>/bin.
Tivoli Workload Scheduler Distributed 8.5.0 FP05 and earlier
Tivoli Workload Scheduler Distributed 8.5.1 FP05 and earlier
Tivoli Workload Scheduler Distributed 8.6.0 FP03 and earlier
Tivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier
Tivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.3.0 FP02 and earlier
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29jSlZv
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
from IBM Product Security Incident Response Team http://ift.tt/29L1rgq
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.