IBM Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)

Apache HttpComponents vulnerabilities while verifying certificates was addressed by IBM InfoSphere Information Server.

CVE(s): CVE-2012-6153, CVE-2014-3577

Affected product(s) and affected version(s):

The following product, running on all supported platforms, is affected:
IBM InfoSphere Blueprint Director: versions 8.5, 8.7, 9.1 and 11.3
IBM InfoSphere Business Glossary Client for Eclipse: versions 8.5, 8.7, 9.1, 11.3 and 11.5
IBM InfoSphere Business Glossary: versions 8.7 and 9.1
IBM InfoSphere Data Quality Exception Console: versions 11.3 and 11.5
IBM InfoSphere FastTrack: versions 11.3 and 11.5
IBM InfoSphere Metadata Asset Manager: versions 8.7 and 9.1
IBM InfoSphere Metadata Workbench: versions 8.7 and 9.1
IBM InfoSphere Information Governance Catalog: versions 11.3 and 11.5
IBM InfoSphere Information Server Manager: versions 8.7, 9.1, 11.3, and 11.5
IBM InfoSphere DataStage XML Connector stage: versions 8.5, 8.7 and 9.1
IBM InfoSphere DataStage Hierarchical Data stage: versions 11.3 and 11.5
IBM InfoSphere DataStage Connectors: versions 8.5, 8.7, 9.1, 11.3 and 11.5
IBM ISALite for IBM InfoSphere Information Server: versions 11.3 and 11.5
IBM InfoSphere Information Server on Cloud: version 11.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fjlVzB
X-Force Database: http://ift.tt/2fCl8NR
X-Force Database: http://ift.tt/2fjnu0n

from IBM Product Security Incident Response Team http://ift.tt/2fCiFmJ