Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties
Dec 19, 2019 7:00 pm EST
Categorized: High Severity
Share this post:
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence has addressed the applicable CVEs. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Business Intelligence: IBM Websphere Liberty, OpenSSL, Apache HTTP Server, Apache POI, Microsoft C++ Runtime Library, ICU for C++, and OpenSSL An XSRF vulnerability in the IBM Cognos Business Intelligence has also been addressed.
Affected product(s) and affected version(s):
IBM Cognos Business Intelligence 10.2.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1142626
from IBM Product Security Incident Response Team https://ift.tt/36Sbi03