Security Bulletin: IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller

This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller 10.4.1 IF4, 10.4.0 IF7, 10.3.1 IF13 and 10.3.0 FP1 IF14. There are multiple vulnerabilities in IBM® Runtime Environment Java Technology Edition, Version 7 and the IBM® Runtime Environment Java Technology Edition, Version 8 that are used by IBM Cognos Controller 10.3.0, 10.3.1 and 10.4.0 and 10.4.1. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019 and July 2019. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Controller: IBM Websphere Liberty, OpenSSL (applicable to IBM Cognos Controller 10.3.0 only) and Apache HTTP Server (applicable to IBM Controller 10.3.0 only).

Affected product(s) and affected version(s):

IBM Cognos Controller 10.4.1

IBM Cognos Controller 10.4.0

IBM Cognos Controller 10.3.1

IBM Cognos Controller 10.3.0

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1284802

The post Security Bulletin: IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2vlNTXB