IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and OpenSSL affect IBM FileNet System Monitor/IBM Enterprise Content Management System

OpenSSL vulnerabilities were disclosed on March 1, 2016 & May 3, 2016 by the OpenSSL Project. OpenSSL is used by Enterprise Content Management System Monitor has addressed the applicable CVEs. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor.These issues were disclosed as part of the IBM Java SDK updates in January 2016

CVE(s): CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-0703, CVE-2016-0705, CVE-2016-0797, CVE-2016-0494, CVE-2016-0483, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2015-8540, CVE-2015-7981, CVE-2015-7575

Affected product(s) and affected version(s):

IBM FileNet System Monitor v4.5.0
IBM Enterprise Content Management System Monitor v5.1.0
IBM Enterprise Content Management System Monitor v5.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aJA2j6
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/1N2N4p7
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5uPy
X-Force Database: http://ift.tt/1rUknBo
X-Force Database: http://ift.tt/1rUkltb
X-Force Database: http://ift.tt/1ZcEll0
X-Force Database: http://ift.tt/1ZcEnt4
X-Force Database: http://ift.tt/1WhPjpX
X-Force Database: http://ift.tt/1ZcEnt8
X-Force Database: http://ift.tt/1ZcEnJo
X-Force Database: http://ift.tt/1TnIyR8



from IBM Product Security Incident Response Team http://ift.tt/2aJzY2B