High Severity
IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)
A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]
Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)
On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]
IBM Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878)
Oct 31, 2018 9:01 am EDT | Medium Severity
IBM Robotic Process Automation could disclose sensitive information in a web request that could aid in future attacks against the system. CVE(s): CVE-2018-1878. Affected product(s) and affected version(s): IBM Robotic Process Automation with Automation Anywhere 11.0. Refer to the following reference URLs for remediation and ...
IBM Security Bulletin: Passwords are unencrypted locally in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1877)
Oct 31, 2018 9:01 am EDT | Medium Severity
IBM Robotic Process Automation could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. CVE(s): CVE-2018-1877. Affected product(s) and affected version(s): IBM Robotic Process Automation with Automation Anywhere 11.0. Refer to the following reference URLs for ...
IBM Security Bulletin: Passwords printed to log files in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1876)
Oct 31, 2018 9:01 am EDT | Medium Severity
IBM Robotic Process Automation with Automation Anywhere log files may contain plain text passwords in some cases. CVE(s): CVE-2018-1876. Affected product(s) and affected version(s): IBM Robotic Process Automation with Automation Anywhere 11.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...
IBM Security Bulletin: ViewONE is vulnerable to XXE attack when opening PDF documents
Oct 31, 2018 9:01 am EDT | High Severity
ViewONE is vulnerable to XXE attack when opening PDF documents. CVE(s): CVE-2018-1835. Affected product(s) and affected version(s): Daeja ViewONE 5.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10733815 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150514 ...
IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158)
Oct 31, 2018 9:01 am EDT | High Severity
Vulnerabilities in Python have been addressed by IBM RackSwitch firmware products listed below. CVE(s): CVE-2016-5636, CVE-2017-1000158. Affected product(s) and affected version(s): IBM RackSwitch G8000 7.1; IBM RackSwitch G8052 7.9; IBM RackSwitch G8052 7.11; IBM RackSwitch G8124/G8124E 7.9; IBM RackSwitch G8124/G8124E 7.11; IBM RackSwitch G8264 7.9; IBM RackSwitch G8264 7.11; IBM RackSwitch G8264CS ...
IBM Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in Python (CVE-2016-5636 CVE-2017-1000158)
Oct 31, 2018 9:01 am EDT | High Severity
Vulnerabilities in Python have been addressed by the IBM Flex System switch firmware products listed below. CVE(s): CVE-2016-5636, CVE-2017-1000158. Affected product(s) and affected version(s): IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch firmware 7.8; IBM Flex System EN2092 1Gb Ethernet Scalable firmware 7.8; IBM Flex System Fabric GbFSIM 10Gb Scalable Switch firmware ...
IBM Security Bulletin: IBM BladeCenter Switch Modules are affected by vulnerabilities in python (CVE-2016-5636 CVE-2017-1000158)
Oct 31, 2018 9:01 am EDT | High Severity
IBM BladeCenter Switch Modules have addressed the following vulnerabilities in Python. CVE(s): CVE-2016-5636, CVE-2017-1000158. Affected product(s) and affected version(s): IBM 1/10 Gb Uplink Ethernet Switch Module 6.8; IBM 1/10 Gb Uplink Ethernet Switch Module 7.4; IBM BladeCenter Virtual Fabric 10Gb Switch Module 6.8; IBM BladeCenter Virtual Fabric 10Gb Switch Module 7.8. Refer ...
IBM Security Bulletin: Remote Code Execution vulnerability in IBM Robotic Process Automation with Automation Anywhere (CVE-2018-1552)
Oct 31, 2018 9:00 am EDT | Medium Severity
IBM Robotic Process Automation with Automation Anywhere is vulnerable to a remote code execution vulnerability. CVE(s): CVE-2018-1552. Affected product(s) and affected version(s): IBM Robotic Process Automation with Automation Anywhere 10.0, 11.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22016247 X-Force ...
IBM Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851)
Oct 30, 2018 9:01 am EDT | High Severity
There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. CVE(s): CVE-2018-1851. Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Liberty. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10735105 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999 ...