Friday, September 29, 2017

IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, Business Process Manager, IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator (CVE-2017-1194)

Share this post:

A security vulnerability affects WebSphere Application Server that is shipped with IBM Cloud Orchestrator. IBM Cloud Orchestrator has addressed the vulnerability.

CVE(s): CVE-2017-1194

Affected product(s) and affected version(s):

Principal Product and Version(s) Affected Supporting Product and Version
IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3
  • IBM WebSphere Application Server V8.5.5 through 8.5.5.11
  • Business Process Manager 8.5.5 through V8.5.7 CF201703
  • IBM Tivoli System Automation Application Manager V4.1
IBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4
  • IBM WebSphere Application Server V8.5.5 through 8.5.5.12
  • IBM Business Process Manager Standard V8.5.0.1 through 8.5.6 CF2
  • IBM Tivoli System Automation Application Manager V4.1
IBM Cloud Orchestrator V2.3, V2.3 0.1
  • IBM WebSphere Application Server V8.0.1 through V8.0.0.11
  • IBM Business Process Manager V8.5.0.1
  • IBM Tivoli System Automation Application Manager V4.1
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3
  • IBM WebSphere Application Server V8.5.5 through 8.5.5.11
  • Business Process Manager 8.5.5 through V8.5.7 CF201703
  • IBM Tivoli System Automation Application Manager V4.1
IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4
  • IBM WebSphere Application Server V8.5.5 through 8.5.5.12
  • IBM Business Process Manager Standard V8.5.0.1 through 8.5.6 CF2
  • IBM Tivoli System Automation Application Manager V4.1
IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1
  • IBM WebSphere Application Server V8.0.1 through V8.0.0.11
  • Tivoli System Application Automation Manager 4.1
  • Business Process Manager 8.5.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2yMCw8n
X-Force Database: http://ift.tt/2s04pcE



from IBM Product Security Incident Response Team http://ift.tt/2yMCwVV

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.