High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Incorrect permissions on restored files and directories using IBM Spectrum Protect Backup-Archive Client web user interface on Windows (CVE-2019-4093)

Mar 26, 2019 10:01 am EDT | Medium Severity

Files and directories restored using the IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface on Windows may have incorrect permissions. CVE(s): CVE-2019-4093 Affected product(s) and affected version(s): IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface version 8.1.7 on Windows. Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: IBM MQ Appliance is affected by OpenSSL vulnerabilities (CVE-2018-0732 and CVE-2018-0739)

Mar 26, 2019 10:00 am EDT | Medium Severity

IBM MQ Appliance has addressed the following OpenSSL vulnerabilities. CVE(s): CVE-2018-0732, CVE-2018-0739 Affected product(s) and affected version(s): IBM MQ Appliance 9.1 Long Term Support (LTS) Release: maintenance levels between 9.1.0.0 and 9.1.0.1; IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release: continuous delivery updates 9.1.1. Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Vulnerability CVE-2018-14647 in Python affects IBM i

Mar 26, 2019 10:00 am EDT | Medium Severity

Python is supported by IBM i. IBM i has addressed the applicable CVE. CVE(s): CVE-2018-14647 Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:

Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10876694

X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150579 ...


IBM Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784)

Mar 26, 2019 10:00 am EDT | Medium Severity

IBM QRadar / QRM / QVM / QRIF / QNI includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. CVE(s): CVE-2012-5784 Affected product(s) and affected version(s): IBM QRadar SIEM 7.2.0 – 7.2.8 Patch 15; IBM QRadar SIEM 7.3.0 – 7.3.1 Patch 8. Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)

Mar 25, 2019 10:01 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on October 30 2018 and November 2 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. CVE(s): CVE-2018-0734, CVE-2018-5407 Affected product(s) and affected version(s): IBM Rational ClearCase versions: Version Status 9.0.1 through 9.0.1.5 Affected 9.0 through 9.0.0.6 Affected 8.0.1 through ...


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)

Mar 25, 2019 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on October 30 2018 and November 2 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. CVE(s): CVE-2018-0734, CVE-2018-5407 Affected product(s) and affected version(s): Rational ClearQuest version 8 and 9 in the following components: ClearQuest hooks and cqperl/ratlperl scripts that ...


IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180)

Mar 25, 2019 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180 Affected product(s) and affected version(s): IBM Rational ClearQuest version 8 and 9 in the following components: ClearQuest ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139)

Mar 25, 2019 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): IBM Rational ClearCase version 8 and 9 in the following components: ...


IBM Security Bulletin: Security vulnerability in GSKit shipped with IBM PCOMM v12.

Mar 23, 2019 10:00 am EDT | Low Severity

GSKit is an IBM component that is used by Personal Communications v12. The GSKit that is shipped with Personal Communications contains a security vulnerability. Personal Communications has addressed it by packaging a higher version of GSKit that contains the fix. CVE(s): CVE-2016-0702 Affected product(s) and affected version(s): Personal Communications 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3. Refer to the ...