There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in April 2017 and July 2017. A XSS vulnerability in Performance Management Hub was also addressed.
CVE(s): CVE-2017-3511, CVE-2017-3539, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1506, CVE-2017-10115, CVE-2017-10116, CVE-2017-10108, CVE-2017-10109
Affected product(s) and affected version(s):
IBM Cognos TM1 10.2
- IBM Cognos TM1 10.2.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012623
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124915
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120508
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120509
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120510
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120511
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129617
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128876
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128877
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128869
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128870
The post IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BpjV28
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.