IBM Support

JR55223: SECURITY APAR - MULTIPLE CVES - MULTIPLE VULNERABILITIES IN IBM SDK SHIPPED WITH IBM INTEGRATION DESIGNER

Direct links to fixes

8.5.6.0-WS-IID-IFJR55223
8.5.5.0-WS-IID-IFJR55223
8.5.0.1-WS-IID-IFJR55223
8.0.1.3-WS-IID-IFJR55223
7.5.1.2-WS-IID-IFJR55223
7.0.0.5-WS-IID-IFJR55223
8.5.7.0: IBM Integration Designer V8.5 Refresh Pack 7 for Windows
8.5.7.0: IBM Integration Designer V8.5 Refresh Pack 7 for Linux

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • There are multiple vulnerabilities in IBM SDK Java Technology
Edition, which IBM Integration Designer and IBM WebSphere
Integration Developer use. These issues were disclosed as part
of the IBM SDK Java Technology Edition updates in January 2016,
discussed in "Security Bulletin: Multiple vulnerabilities in IBM
 Java SDK affect IBM Integration Designer and WebSphere
Integration Developer (CVE-2016-0475, CVE-2016-0466,
CVE-2015-7575, CVE-2016-0448)"
(http://www.ibm.com/support/docview.wss?uid=swg21977249). This
bulletin also addresses the Java specific "SLOTH - Weak MD5
Signature Hash" vulnerability.

PRODUCTS AFFECTED:
WebSphere Integration Developer
IBM Integration Designer

Local fix

  • 



Problem summary


    

  • No additional information is available.

    



Problem conclusion


    

  • A fix is available for the latest fix pack of all supported
releases of Integration Designer and WebSphere Integration
Developer.

On Fix Central (http://www.ibm.com/support/fixcentral), search
for JR55223:

    1. Select IBM WebSphere Integration Developer or IBM
Integration Designer from the product selector, the installed
version to the fix pack level, and your platform, and then click
Continue.
    2. Select APAR or SPR, enter JR55223, and click Continue.

When you download fix packages, ensure that you also download
the readme file for each fix. Review each readme file for
additional installation instructions and information about the
fix.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR55223
    • 

  • Reported component name
    INTEGRATION DES
    • 

  • Reported component ID
    5725C9702
    • 

  • Reported release
    856
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2016-02-10
    • 

  • Closed date
    2016-02-23
    • 

  • Last modified date
    2016-02-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    INTEGRATION DES
    • 

  • Fixed component ID
    5725C9702
    • 



Applicable component levels


    

  • R751  PSY
       UP
    • 

  • R801  PSY
       UP
    • 

  • R850  PSY
       UP
    • 

  • R855  PSY
       UP
    • 

  • R856  PSY
       UP
    • 

  • R857  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTLXK","label":"IBM Integration Designer"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"856","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            16 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback