Boletines de Vulnerabilidades

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2014-6593, CVE-2015-0410, CVE-2015-0138)

Información sobre el sistema
   
Software afectado IBM

Descripción
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 5 and Version 7 that is used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. CVE(s): CVE-2015-0138, CVE-2015-0410 and CVE-2014-6593 Affected product(s) and affected version(s): IBM

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_tivoli_system_automation_application_manager_cve_2014_6593_cve_2015_0410_cve_2015_0138?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-6593 ,CVE-2015-0410 ,CVE-2015-0138 ,CVE-2015-1472 ,CVE-2013-7423 ,CVE-2015-0204 ,CVE-2014-3569 ,CVE-2014-3570 ,CVE-2014-3571 ,CVE-2014-3572 ,CVE-2014-8275 ,CVE-2015-0205 and CVE-2015-0206.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-04-10

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT