IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect Business Process Manager, and bundled products shipped with IBM Cloud Orchestrator
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, which is used by IBM Cloud Orchestrator and by bundled products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. IBM SmartCloud Cost Management and Tivoli Monitoring are shipped as bundled supporting products with IBM Cloud Orchestrator Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”.
CVE(s): CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448
Affected product(s) and affected version(s):
IBM Cloud Orchestrator Enterprise versions:
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29OEayH
X-Force Database: http://ift.tt/1WhPgug
X-Force Database: http://ift.tt/1N2N3Bz
X-Force Database: http://ift.tt/1TnIyR8
X-Force Database: http://ift.tt/1WhPjpX
Affected Principal Product and Version | Affected Supporting Product and Version |
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1 | IBM Business Process Manager Standard 8.5.6; IBM Tivoli System Automation Application Manager 4.1; IBM Tivoli System Automation for Multi platforms 4.1; IBM DB2 Enterprise Server Edition 10.5.0.6; IBM SmartCloud Cost Management 2.1.0.5; IBM Tivoli Monitoring 6.3.0.2 |
IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3 | IBM Business Process Manager Standard 8.5.6; IBM Tivoli System Automation Application Manager 4.1; IBM Tivoli System Automation for Multi platforms 4.1; IBM DB2 Enterprise Server Edition 10.5.0.6; IBM SmartCloud Cost Management 2.1.0.4; IBM Tivoli Monitoring 6.3.0.2 |
IBM SmartCloud Orchestrator Enterprise V2.3 and V2.3.0.1 from Interim Fix 1 through Interim Fix 9 | IBM Business Process Manager Standard 8.5; IBM Tivoli System Automation Application Manager 3.2.2.2; IBM Tivoli System Automation for Multi platforms 3.2.2; IBM DB2 Enterprise Server Edition 10.1.0.5; IBM SmartCloud Cost Management V2.1.0.3; IBM Tivoli Monitoring V6.3.0.1 |
Affected Principal Product and Version | Affected Supporting Product and Version |
IBM Cloud Orchestrator V2.5, V2.5.0.1 | IBM Business Process Manager Standard 8.5.6; IBM Tivoli System Automation Application Manager 4.1; IBM Tivoli System Automation for Multi platforms 4.1; IBM DB2 Enterprise Server Edition 10.5.0.6 |
IBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3 | IBM Business Process Manager Standard 8.5.6; IBM Tivoli System Automation Application Manager 4.1; IBM Tivoli System Automation for Multi platforms 4.1; IBM DB2 Enterprise Server Edition 10.5.0.6 |
IBM SmartCloud Orchestrator V2.3 and V2.3.0.1 from Interim Fix 1 through Interim Fix 9 | IBM Business Process Manager Standard 8.5; IBM Tivoli System Automation Application Manager 3.2.2.2; IBM Tivoli System Automation for Multi platforms 3.2.2; IBM DB2 Enterprise Server Edition 10.1.0.5 |
from IBM Product Security Incident Response Team http://ift.tt/29OHcyw