IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender

There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition versions 6, 7, & 8 that are used by Transformation Extender. This issue was disclosed as part of the IBM Java SDK updates in January and April, 2017.

CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183, CVE-2017-1289, CVE-2017-3511

Affected product(s) and affected version(s):

• WebSphere Transformation Extender Design Studio
• WebSphere Transformation Extender with Command Server
• WebSphere Transformation Extender for Integration Servers
• WebSphere Transformation Extender for Application Programming
• WebSphere Transformation Extender with Launcher

Transformation Extender versions	CVEs
9.0.0 – 9.0.0.1 8.4.1 – 8.4.1.4 8.4.0 – 8.4.0.5 8.3.0 – 8.3.0.6	Jan:  CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183
9.0.0 – 9.0.0.1 8.4.1 – 8.4.1.4 8.4.0 – 8.4.0.5	April: CVE-2017-3511
8.3 – 8.3.0.6	April: CVE-2017-1289 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://ift.tt/2Ap0Wp4 X-Force Database: http://ift.tt/2lA4akm X-Force Database: http://ift.tt/2lAx183 X-Force Database: http://ift.tt/2msD77U X-Force Database: http://ift.tt/2msBF5I X-Force Database: http://ift.tt/2dR3VyC X-Force Database: http://ift.tt/2pvwR1f X-Force Database: http://ift.tt/2pv7JaY The post IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, versions 6, 7, & 8 affect Transformation Extender appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2Aq5CLw