IBM Support

Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager, and other bundling products shipped with IBM SmartCloud Orchestrator and SmartCloud Orchestrator Enterprise

Created by Shyamala Rajagopalan on
Published URL:
https://www.ibm.com/support/pages/node/268479
268479

Security Bulletin


Summary

Multiple vulnerabilities in IBM Business Process Manager, and other bundling products shipped with IBM SmartCloud Orchestrator and SmartCloud Orchestrator Enterprise. Information about security vulnerabilities affecting IBM Business Process Manager, and the bundling products IBM SmartCloud Cost Management, IBM Tivoli System Application Automation Manager and IBM Tivoli Monitoring has been published in a security bulletin (CVE-2015-1885, CVE-2015-1946, CVE-2015-1927, CVE-2015-1920).

Vulnerability Details

Consult the following security bulletins for vulnerability details and information about fixes for affected supporting products that are shipped with IBM SmartCloud Orchestrator

Consult the following security bulletins for vulnerability details and information about fixes for affected supporting products that are shipped solely with IBM SmartCloud Orchestrator Enterprise
For unsupported IBM SmartCloud Orchestrator V2.2.0 and V2.2.0.1 and IBM SmartCloud Orchestrator Enterprise V2.2.0 and V2.2.0.1. IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Affected Products and Versions

Affected versions of IBM SmartCloud Orchestrator, IBM SmartCloud Orchestrator Enterprise, and affected supporting products, which are shipped with IBM SmartCloud Orchestrator and IBM SmartCloud Orchestrator Enterprise, are listed in the following table.

Affected Principal Product and VersionsAffected Supporting Product and Version
IBM SmartCloud Orchestrator V2.2 and V2.2.0.1 IBM Business Process Manager Standard V8.0.1
IBM SmartCloud Orchestrator Enterprise V2.2 and V2.2.0.1 IBM Business Process Manager Standard V8.0.1
IBM Tivoli Monitoring V6.3.0
IBM SmartCloud Cost Management V2.1.0.2
IBM SmartCloud Orchestrator V2.3 and V2.3.0.1 up to iFix7
IBM Business Process Manager Standard V8.5
IBM Tivoli System Automation Application Manager V3.2.2.2
IBM SmartCloud Orchestrator Enterprise V2.3 and V2.3.0.1 up to iFix7 IBM Business Process Manager Standard V8.5
IBM Tivoli System Automation Application Manager V3.2.2.2
IBM SmartCloud Cost Management V2.1.0.3
IBM Tivoli Monitoring V6.3.0.1

Get Notified about Future Security Bulletins

References

Off

Change History

* 19 November 2015: Updated Vulnerability Details Section
* 11 November 2015: updated title and summary
* 29 October 2015: updated affected and unsupported versions
* 12 October 2015: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

CVE-IDs: CVE-2015-1885, CVE-2015-1946, CVE-2015-1927; CVE-2015-1920
ITM fix update available by 2016/15/01

[{"Product":{"code":"SS4KMC","label":"IBM SmartCloud Orchestrator"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.2;2.2.0.1;2.3;2.3.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21968532