IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in April 2017 and July 2017. A XSS vulnerability in Performance Management Hub was also addressed.

CVE(s): CVE-2017-3511, CVE-2017-3539, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-1506, CVE-2017-10115, CVE-2017-10116, CVE-2017-10108, CVE-2017-10109

Affected product(s) and affected version(s):

IBM Cognos TM1 10.2

• IBM Cognos TM1 10.2.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012623
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124915
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120508
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120509
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120510
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120511
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129617
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128876
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128877
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128869
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128870

The post IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2BpjV28