IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products

The IBM Emptoris Strategic Supply Management suite of products are affected by multiple security vulnerabilities that exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issues that were disclosed as part of the IBM Java SDK updates in October 2017. The IBM Emptoris Strategic Supply Management Suite of products include IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management, IBM Emptoris Strategic Supply Management and IBM Emptoris Supplier Lifecycle Management.

CVE(s): CVE-2017-10388, CVE-2017-10356

Affected product(s) and affected version(s):

IBM Emptoris Contract Management 10.0.0 through 10.1.x

IBM Emptoris Program Management 10.0.0 through 10.1.x
IBM Emptoris Spend Analysis 10.0.0 through 10.1.x
IBM Emptoris Supplier Lifecycle Management 10.0.0 through 10.1.x
IBM Emptoris Strategic Supply Management 10.0.0 through 10.1.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22014235
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2tid0ZV