Allele Security Alert
OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption
IBM Planning Analytics
IBM Planning Analytics versions 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5 and 2.0.6
IBM Planning Analytics version 2.0.7
Proof of concept
A vulnerability related to the Java SE Embedded JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information.
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
Oracle Java SE, Java SE Embedded, JRockit JSSE unspecified
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 3, 2019