IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.5 and IBM® Runtime Environment Java™ Versions 7.0.10.10 and 7.0.10.5 used by IBM Integration Bus and WebSphere Message Broker. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10281, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Affected product(s) and affected version(s):

IBM Integration Bus V10.0.0.0 – V10.0.0.10

IBM Integration Bus V9.0.0.0 – V9.0.0.9
WebSphere Message Broker V8.0.0.0 – V8.0.0.9
WebSphere Message Broker V7.0.0.0 – V7.0.0.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mcGbre
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv
X-Force Database: http://ift.tt/2jy9EK0
X-Force Database: http://ift.tt/2i3qHDg
X-Force Database: http://ift.tt/2i3Lmr1
X-Force Database: http://ift.tt/2jy9Ite
X-Force Database: http://ift.tt/2jyG47h
X-Force Database: http://ift.tt/2jy9C4Q
X-Force Database: http://ift.tt/2i3qIHk
X-Force Database: http://ift.tt/2i6pgE5
X-Force Database: http://ift.tt/2jyG1s7
X-Force Database: http://ift.tt/2jyFZR1
X-Force Database: http://ift.tt/2i6pg73
X-Force Database: http://ift.tt/2i6pawd

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2FbhYtc