The integrated software is used by Tivoli Composite Application Manager for SOA, a platform that provides management for services, applications and middleware.
These bugs, which include the vulnerability popularly known as “SLOTH,” were reported by IBM when it updated the Java SDK in January 2016.
"The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake," the bulletin stated.
Using man-in-the-middle techniques, an attacker could exploit this flaw to impersonate a TLS server and obtain credentials, IBM wrote.
No workarounds or mitigations have yet been provided.