Boletines de Vulnerabilidades

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808)

Información sobre el sistema
   
Software afectado IBM

Descripción
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses RC4 Bar Mitzvah Attack for SSL/TLS vulnerability CVE(s): CVE-2015-0488, CVE-2015-0478 and CVE-2015-2808 Affected product(s) and affected version(s): IBM Cognos Metrics Manager 10.2.2 IBM Cognos Metrics Manager 10.2.1

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_runtime_affect_ibm_cognos_metrics_manager_cve_2015_0478_cve_2015_0488_cve_2015_2808?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2015-0488 ,CVE-2015-0478 ,CVE-2015-2808 ,CVE-2015-0286 ,CVE-2015-0287 ,CVE-2015-0288 ,CVE-2015-0289 ,CVE-2015-0293 ,CVE-2014-0227 and CVE-2015-4000.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-07-07

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT