Thursday, August 11, 2016

IBM Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q2 Security Updater : IBM Tivoli Common Reporting is affected by multiple vulnerabilities

This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in April 2016. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Business Intelligence. IBM Cognos Business Intelligence has addressed the applicable CVEs. IBM Cognos Business Intelligence has addressed a Tomcat vulnerability. IBM Cognos Business Intelligence has addressed an Apache Xerces-C XML parser Vulnerability.

CVE(s): CVE-2015-5174, CVE-2015-5345, CVE-2016-0221, CVE-2016-0346, CVE-2016-0729, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-3427

Affected product(s) and affected version(s):

Tivoli Common Reporting 3.1

Tivoli Common Reporting 3.1.0.1

Tivoli Common Reporting 3.1.0.2

Tivoli Common Reporting 3.1.2

Tivoli Common Reporting 3.1.2.1

Tivoli Common Reporting 3.1.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aO9pKx
X-Force Database: http://ift.tt/1rhWylT
X-Force Database: http://ift.tt/1rhWy5x
X-Force Database: http://ift.tt/297OkZm
X-Force Database: http://ift.tt/298BMxe
X-Force Database: http://ift.tt/297OoIU
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1N2N48r



from IBM Product Security Incident Response Team http://ift.tt/2b1nFfL

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.