IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.

The IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. This security bulletin includes issues disclosed as part of the IBM Java SDK updates in July 2017. The IBM Emptoris Strategic Supply Management Suite of products includes IBM Emptoris Contract Management, IBM Emptoris Sourcing, IBM Emptoris Spend Analysis, IBM Emptoris Program Management, IBM Emptoris Strategic Supply Management and IBM Emptoris Supplier Lifecycle Management.

CVE(s): CVE-2017-10102, CVE-2017-10116, CVE-2017-10115

Affected product(s) and affected version(s):

IBM Emptoris Contract Management 9.5 through 10.1.x
IBM Emptoris Program Management 10.0.0 through 10.1.x
IBM Emptoris Sourcing 9.5 through 10.1.x
IBM Emptoris Spend Analysis 10.0.0 through 10.1.x
IBM Emptoris Supplier Lifecycle Management 10.0.0 through 10.1.x
IBM Emptoris Strategic Supply Management 10.0.0 through 10.1.x
IBM Emptoris Services Procurement 10.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wjhJeE
X-Force Database: http://ift.tt/2veVuCa
X-Force Database: http://ift.tt/2wyaY8O
X-Force Database: http://ift.tt/2xsr7ZC

from IBM Product Security Incident Response Team http://ift.tt/2wjXAp6