<html><body>
<p><font size="2" face="Consolas">The IBM Endpoint Manager team has updated multiple versions of the Endpoint </font><br>
<font size="2" face="Consolas">Manager product to address a critical vulnerability. This vulnerability </font><br>
<font size="2" face="Consolas">could allow an attacker to access files on an affected server or cause an </font><br>
<font size="2" face="Consolas">affected server to make an arbitrary HTTP GET request.</font><br>
<br>
<font size="2" face="Consolas">Here are the new patched versions of Endpoint Manager and the components </font><br>
<font size="2" face="Consolas">of those versions that have changed:</font><br>
<br>
<font size="2" face="Consolas">9.1.1088.0 -- Root Server, Web Reports, and Server API</font><br>
<font size="2" face="Consolas">9.0.853.0 -- Root Server, Web Reports, and Server API</font><br>
<font size="2" face="Consolas">8.2.1445.0 -- Web Reports and Server API</font><br>
<font size="2" face="Consolas">8.1.653.0 -- Web Reports and Server API</font><br>
<br>
<font size="2" face="Consolas">Agents and relays are not exposed to this vulnerability and do not need to </font><br>
<font size="2" face="Consolas">be patched.</font><br>
<br>
<font size="2" face="Consolas">After upgrading the server components, the following steps should be performed</font><br>
<font size="2" face="Consolas">to revoke any credentials that could have been compromised:</font><br>
<br>
<font size="2" face="Consolas">On IEM 9.0 and 9.1:</font><br>
<br>
<font size="2" face="Consolas"> 1) Rotate the server signing key: </font><br>
<font size="2" face="Consolas"> </font><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21669587"><font size="2" face="Consolas">http://www-01.ibm.com/support/docview.wss?uid=swg21669587</font></a><br>
<font size="2" face="Consolas"> 2) Rotate custom SSL certificates in Web Reports or the Root Server, if you are</font><br>
<font size="2" face="Consolas"> using them (note: this is not common).</font><br>
<font size="2" face="Consolas"> 3) On Linux deployments, change any database or network proxy passwords that </font><br>
<font size="2" face="Consolas"> are in the Root Server or Web Reports settings.</font><br>
<br>
<font size="2" face="Consolas">On IEM 8.1 and 8.2:</font><br>
<br>
<font size="2" face="Consolas"> 1) Rotate custom SSL certificates in Web Reports, if you are using them </font><br>
<font size="2" face="Consolas"> (note: this is not common).</font><br>
<br>
<font size="2" face="Consolas">For more information about addressing problems with files that may have been </font><br>
<font size="2" face="Consolas">compromised, please contact support for information and recommendations.</font><br>
<br>
<br>
<font size="2" face="Consolas">* Detailed changelist: </font><a href="http://support.bigfix.com/bes/changes/fullchangelist-91.txt"><font size="2" face="Consolas">http://support.bigfix.com/bes/changes/fullchangelist-91.txt</font></a><br>
<font size="2" face="Consolas">* Known issues: </font><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21667537"><font size="2" face="Consolas">http://www-01.ibm.com/support/docview.wss?uid=swg21667537</font></a><br>
<font size="2" face="Consolas">* Upgrade fixlets are available in BES Support version 1168</font><br>
<br>
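<font size="2" face="Consolas">Added example (not IBM's code and not part of the original announcement): a Python triage helper that combines the patched builds, the changed components, and the post-upgrade credential steps listed above. It assumes that a build below the patched build in the same release line is unpatched; the function names, status strings, and sample inventory are constructed for illustration.</font><br>

```python
# Added example: triage installed IEM components against this advisory.
# Assumption: within a release line, a build below the patched build is unpatched.
PATCHED = {  # release line -> (patched build, components changed in that build)
    (9, 1): ((9, 1, 1088, 0), {"Root Server", "Web Reports", "Server API"}),
    (9, 0): ((9, 0, 853, 0), {"Root Server", "Web Reports", "Server API"}),
    (8, 2): ((8, 2, 1445, 0), {"Web Reports", "Server API"}),
    (8, 1): ((8, 1, 653, 0), {"Web Reports", "Server API"}),
}
NOT_EXPOSED = {"Agent", "Relay"}  # the advisory says these need no patch

def post_upgrade_steps(line, on_linux):
    """Credential-revocation steps the advisory lists for a release line."""
    if line[0] == 9:
        steps = ["Rotate the server signing key",
                 "Rotate custom SSL certificates in Web Reports or the Root Server, if used"]
        if on_linux:
            steps.append("Change database or network proxy passwords in the settings")
        return steps
    return ["Rotate custom SSL certificates in Web Reports, if used"]

def triage(component, version, on_linux=False):
    """Return (status, steps) for one installed component."""
    if component in NOT_EXPOSED:
        return "not-exposed", []
    try:
        installed = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        installed = ()
    if len(installed) != 4:
        return "unparseable-version", []
    entry = PATCHED.get(installed[:2])
    if entry is None:
        return "release-line-not-in-advisory", []
    fixed, changed = entry
    if component not in changed:
        return "component-not-listed-as-changed", []
    # The credential steps apply once the component is at the patched build.
    steps = post_upgrade_steps(installed[:2], on_linux)
    return ("patched" if installed >= fixed else "upgrade-required"), steps

# Constructed sample inventory: (host, component, version, on_linux)
INVENTORY = [("iem-root-01", "Root Server", "9.1.1065.0", True),
             ("iem-wr-01", "Web Reports", "8.2.1445.0", False),
             ("relay-07", "Relay", "9.0.800.0", False)]

if __name__ == "__main__":
    for host, component, version, on_linux in INVENTORY:
        print(host, component, version, *triage(component, version, on_linux))
```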
</body></html>