IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics

Jul 29, 2019 9:02 am EDT

Categorized: High Severity

Share this post:

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.8. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics 2.0.7 and lower. IBM Planning Analytics 2.0.8 has addressed the applicable CVEs by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 35. As of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM® Runtime Environment Java™ Version 7. IBM Planning Analytics 2.0.8 (Windows) will install IBM® Runtime Environment Java™ Version 8. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin”, located in the

CVE(s): CVE-2018-12547, CVE-2019-4245, CVE-2017-15422, CVE-2014-9654, CVE-2014-7926, CVE-2014-7923, CVE-2011-4599, CVE-2017-14952, CVE-2016-7415, CVE-2018-1902, CVE-2019-4046, CVE-2018-1000873

Affected product(s) and affected version(s):

Planning Analytics 2.0

Planning Analytics 2.0.1

Planning Analytics 2.0.2

Planning Analytics 2.0.3

Planning Analytics 2.0.4

Planning Analytics 2.0.5

Planning Analytics 2.0.6

Planning Analytics 2.0.7

IBM Planning Analytics Local 2.0 (Planning Analytics Workspace)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884724
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/23094
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136054
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100297
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100294
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/71726
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152531
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154804



from IBM Product Security Incident Response Team https://ift.tt/2YDbY9n