IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
Jul 29, 2019 9:02 am EDT
Categorized: High Severity
Share this post:
This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.8. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics 2.0.7 and lower. IBM Planning Analytics 2.0.8 has addressed the applicable CVEs by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 35. As of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM® Runtime Environment Java™ Version 7. IBM Planning Analytics 2.0.8 (Windows) will install IBM® Runtime Environment Java™ Version 8. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin”, located in the
CVE(s): CVE-2018-12547, CVE-2019-4245, CVE-2017-15422, CVE-2014-9654, CVE-2014-7926, CVE-2014-7923, CVE-2011-4599, CVE-2017-14952, CVE-2016-7415, CVE-2018-1902, CVE-2019-4046, CVE-2018-1000873
Affected product(s) and affected version(s):
Planning Analytics 2.0
Planning Analytics 2.0.1
Planning Analytics 2.0.2
Planning Analytics 2.0.3
Planning Analytics 2.0.4
Planning Analytics 2.0.5
Planning Analytics 2.0.6
Planning Analytics 2.0.7
IBM Planning Analytics Local 2.0 (Planning Analytics Workspace)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884724
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/23094
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136054
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100297
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100294
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/71726
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152531
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154804
from IBM Product Security Incident Response Team https://ift.tt/2YDbY9n