This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April 2016. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Business Intelligence. IBM Cognos Business Intelligence has addressed the applicable CVEs. IBM Cognos Business Intelligence has addressed a Tomcat vulnerability. IBM Cognos Business Intelligence has addressed an Apache Xerces-C XML parser Vulnerability.
CVE(s): CVE-2015-5174, CVE-2015-5345, CVE-2016-0221, CVE-2016-0346, CVE-2016-0729, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-3427
Affected product(s) and affected version(s):
Tivoli Common Reporting 3.1
Tivoli Common Reporting 3.1.0.1
Tivoli Common Reporting 3.1.0.2
Tivoli Common Reporting 3.1.2
Tivoli Common Reporting 3.1.2.1
Tivoli Common Reporting 3.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aO9pKx
X-Force Database: http://ift.tt/1rhWylT
X-Force Database: http://ift.tt/1rhWy5x
X-Force Database: http://ift.tt/297OkZm
X-Force Database: http://ift.tt/298BMxe
X-Force Database: http://ift.tt/297OoIU
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1N2N48r
from IBM Product Security Incident Response Team http://ift.tt/2b1nFfL
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.