JR56884: MULTIPLE VULNERABILITIES IN IBM SDK FOR JAVA SHIPPED WITH IBM PROCESS DESIGNER

bpm.8570.cf2016.12.delta.repository
8.0.1.3-WS-BPMPC-IFJR56884
8.5.7.201609-WS-BPMPCPD-IFJR56884
8.5.0.2-WS-BPMPCPD-IFJR56884
8.5.5.0-WS-BPMPCPD-IFJR56884
8.5.6.2-WS-BPMPCPD-IFJR56884
Downloading IBM Business Process Manager V8.5.7 Cumulative Fix 2016.12

APAR status

• Closed as program error.

Error description

• There are multiple vulnerabilities (CVEs) in IBM SDK Java
  Technology Edition, which is used in IBM Process Designer for
  IBM Business Process Manager (BPM).
  
  PRODUCTS AFFECTED
  IBM Business Process Manager (BPM) Advanced
  IBM BPM Standard
  IBM BPM Express
  

Local fix

Problem summary

• No additional information is available.
  

Problem conclusion

• A fix is available for the latest fix pack of all supported
  releases of IBM BPM. This fix resolves the IBM SDK for JAVA CPU
  October 2016 and JAVA CPU July 2016 issues.
  
  On Fix Central (http://www.ibm.com/support/fixcentral), search
  for JR56884:
  
      1. Select IBM Business Process Manager with your edition or
  IBM WebSphere Lombardi Edition from the product selector, the
  installed version to the fix pack level, and your platform, and
  then click Continue.
      2. Select APAR or SPR, enter JR56884, and click Continue.
  
  When you download fix packages, ensure that you also download
  the readme file for each fix. Review each readme file for
  additional installation instructions and information about the
  fix.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  BPM ADVANCED

• Fixed component ID

  5725C9400

Applicable component levels

• R751 PSY

     UP

• R801 PSY

     UP

• R850 PSY

     UP

• R855 PSY

     UP

• R856 PSY

     UP

• R857 PSY

     UP