IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

This bulletin addresses several security vulnerabilities. IBM Cognos Business Intelligence has addressed a vulnerability where sensitive information can be revealed in its logs files. There is a vulnerabilitiy in IBM® WebSphere Application Server Liberty. Liberty is used by IBM Cognos Business Intelligence version 10.2.2. This issue was disclosed as part of the IBM WebSphere Application Server Liberty updates. IBM Cognos Business Intelligence has addressed several Apache Tomcat vulnerabilities.

CVE(s): CVE-2016-9985, CVE-2016-5983, CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-5388

Affected product(s) and affected version(s):

IBM Cognos Business Intelligence Server 10.2.2
IBM Cognos Business Intelligence Server 10.2.1.1
IBM Cognos Business Intelligence Server 10.2.1
IBM Cognos Business Intelligence Server 10.2
IBM Cognos Business Intelligence Server 10.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mB58y6
X-Force Database: http://ift.tt/2meHFA7
X-Force Database: http://ift.tt/2cX6Wuu
X-Force Database: http://ift.tt/2jew1Gw
X-Force Database: http://ift.tt/2if9bdY
X-Force Database: http://ift.tt/2jeqBvn
X-Force Database: http://ift.tt/2if6ZDc
X-Force Database: http://ift.tt/2ifdg1N
X-Force Database: http://ift.tt/2iIaaqs
X-Force Database: http://ift.tt/2j4D3cR
X-Force Database: http://ift.tt/2dTp7zH

The post IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2mAWFut