Boletines de Vulnerabilidades

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-0488, CVE-2015-0478, CVE-2015-0204, CVE-2015-2808, CVE-2015-0138)

Información sobre el sistema
   
Software afectado IBM

Descripción
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 9 and Version 6 Service Refresh 16 Fix Pack 3 and earlier releases, that is used by IBM Tivoli Provisioning Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring Attack on RSA-EXPORT keys" SSL/TLS vulnerability and RC4 Bar Mitzvah Attack for SSL/TLS vulnerability.

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_runtime_affect_ibm_tivoli_provisioning_manager_cve_2015_0488_cve_2015_0478_cve_2015_0204_cve_2015_2808_cve_2015_0138?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2015-0488 ,CVE-2015-0478 ,CVE-2015-0204 ,CVE-2015-2808 ,CVE-2015-0138 ,CVE-2015-1884 ,CVE-2014-3600 ,CVE-2014-3612 ,CVE-2014-8110 ,CVE-2014-3579 ,CVE-2015-0127 ,CVE-2015-0126 ,CVE-2015-0115 ,CVE-2015-0131 ,CVE-2015-0116 ,CVE-2014-8730 and CVE-2015-4000.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-06-24

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT