WebSphere Business Events (WBE) V7.0.1.1 RS01943 iFix installation instruction This iFix fixes multiple security disclosure in Java SDK update of January 2015 including FREAK (CVE-2015-0204, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204). Installing this iFix for the JRE that WBE tools and Connectors use ================== For each WBE installation, follow the installation instruction below. 1) Stop WBE tools (including Web-based) and Connectors if the JAVA_HOME environment variable points to \jre 2) Back up \jre. 3) Determine the right version of com.ibm.java...jre_6.0.16.20141112.zip for your platform and unzip its content into the \jre directory so that the \jre\jre directory is replaced. 4) Restart the WBE tools and Connectors you stopped. Removing this iFix ================== If you need to remove the iFix, restore the content of your original \jre using the same procedure described above. * N.B. 1. To fix the same Common Vulnerabilities and Exposures for the JDK that came with the WebSphere Application Server (WAS) your WBE runtime is deployed to, you should get the corresponding fixes from WAS. 2. This iFix supersedes WebSphere Business Events (WBE) V7.0.1.1 RS01634 iFix, which contains fixes for * CVE-2014-0460 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460 ), * CVE-2014-0878 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0878 ), and * CVE-2014-0453 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453 ). 3. This iFix supersedes WebSphere Business Events (WBE) V7.0.1.1 RS01752 iFix, which contains fixes for * CVE-2014-4263 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263), and * CVE-2014-4244 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244). 4. This iFix supersedes WebSphere Business Events (WBE) V7.0.1.1 RS01827 iFix, which contains fixes for * CVE-2014-3566 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566).