High Severity
IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)
A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]
Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)
On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor
Nov 14, 2018 8:01 am EST | High Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. These issues were disclosed as part of the IBM Java SDK updates in April 2018. CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)
Nov 14, 2018 8:01 am EST | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1 Refer to the ...read more
IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities
Nov 14, 2018 8:01 am EST | High Severity
The Planning Analytics Workspace component of IBM Planning Analytics is vulnerable to multiple Node.js vulnerabilities including OpenSSL vulnerabilities in Node.js. The version of Node.js use by IBM Planning Analytics Workspace has been upgraded to address these vulnerabilities. CVE(s): CVE-2018-0732, CVE-2018-0737, CVE-2018-7158, CVE-2018-7159, CVE-2018-7160, CVE-2018-7166, CVE-2018-12115 Affected product(s) and affected version(s): IBM Planning Analytics Local 2.0 ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 )
Nov 13, 2018 8:01 am EST | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2018. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli System ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
Nov 13, 2018 8:01 am EST | High Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Installation Manager and IBM Packaging Utility versions 1.8.9.1 and earlier. Refer to the ...read more
IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)
Nov 13, 2018 8:00 am EST | Medium Severity
There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. CVE(s): CVE-2018-1643 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0 Version 8.5 Version 8.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source ...read more
IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty
Nov 12, 2018 8:01 am EST | High Severity
Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. CVE(s): CVE-2018-11776 Affected product(s) and affected version(s): IBM Content Collector for Email – 4.0.1 IBM Content Collector for File Systems – 4.0.1 IBM Content Collector for SharePoint – 4.0.1 IBM Content Collector for IBM ...read more
IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771)
Nov 12, 2018 8:01 am EST | Low Severity
Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight
Nov 12, 2018 8:01 am EST | High Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version IBM JRE 8.0.2.10 used by IBM Network Performance Insight. IBM Network Performance Insight has addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539, CVE-2018-1517 Affected product(s) and affected version(s): IBM Network Performance Insight: 1.2.1, 1.2.2, 1.2.3. Refer to the following reference URLs for remediation and additional vulnerability ...read more