IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Predictive Insight

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Predictive Insight. IBM Predictive Insight has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability.



CVE(s): CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-2842


Affected product(s) and affected version(s):

IBM Predictive Insight 8.5 - 9.0



Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1ZXf3rp
X-Force Database: http://ift.tt/1WhPjGA
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1N2N4p5
X-Force Database: http://ift.tt/1Tg5v6h
X-Force Database: http://ift.tt/1N2N4p7
X-Force Database: http://ift.tt/1Tg5wH8
X-Force Database: http://ift.tt/24fOBfM


from IBM Product Security Incident Response Team http://ift.tt/1ZXffXy