High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will issue mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Feb 21, 2018 9:01 am EST | High Severity

Java SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability.
CVE(s): CVE-2018-2639, CVE-2018-2638, CVE-2018-2633, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2657, CVE-2018-2629, CVE-2018-2603, CVE-2018-2599, CVE-2018-2602, CVE-2018-2678, CVE-2018-2677, CVE-2018-2663, CVE-2018-2588, CVE-2018-2579, CVE-2018-1417
Affected product(s) and affected version(s): IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and …


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1415)

Feb 21, 2018 9:01 am EST | Medium Severity

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE(s): CVE-2018-1415
Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management …


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414)

Feb 21, 2018 9:01 am EST | Medium Severity

IBM Maximo Asset Management is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE(s): CVE-2018-1414
Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and …


IBM Security Bulletin: IBM b-type SAN switches and directors affected by XSS vulnerabilities (CVE-2017-6225)

Feb 21, 2018 9:00 am EST | Medium Severity

Fabric OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page …


IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential input validation vulnerability (CVE-2018-1392)

Feb 21, 2018 9:00 am EST | Low Severity

Financial Transaction Manager (FTM) for ACH Services has addressed a potential input validation vulnerability for some web services in the web services component.
CVE(s): CVE-2018-1392
Affected product(s) and affected version(s): – FTM for ACH Services v3.0.4, v3.1.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013249
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138377 …


IBM Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391)

Feb 21, 2018 9:00 am EST | Medium Severity

Financial Transaction Manager (FTM) for ACH Services has addressed a potential Denial of Service (DOS) vulnerability for some web services in the web services component.
CVE(s): CVE-2018-1391
Affected product(s) and affected version(s): – FTM for ACH Services v3.0.4, v3.1.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013247
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138376 …


IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758)

Feb 21, 2018 9:00 am EST | High Severity

Financial Transaction Manager (FTM) for ACH Services and FTM for Corporate Payment Services (CPS) have addressed a potential XML External Entity vulnerability. For some web services, if the request is intercepted and modified, the XML payload could take advantage of XML External Entity Injection to cause denial of service.
CVE(s): CVE-2017-1758
Affected product(s) and affected …


IBM Security Bulletin: IBM Transformation Extender Advanced is Potentially Vulnerable to an XML External Entity (XXE) Injection in its REST API.

Feb 21, 2018 9:00 am EST | High Severity

The IBM 10x framework used by the IBM Transformation Extender Advanced REST API is vulnerable to XXE injection. The vulnerability was reported by IBM Financial Transaction Manager for ACH Services for Multi-Platform, which also uses the IBM 10x framework.
CVE(s): CVE-2017-1758
Affected product(s) and affected version(s): IBM Transformation Extender Advanced 9.0
Refer to the following reference URLs …


IBM Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)

Feb 21, 2018 9:00 am EST | Medium Severity

API Connect has addressed the following vulnerability. The Node.js tough-cookie module is vulnerable to a denial of service, caused by a regular expression error. By using a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources.
CVE(s): CVE-2016-1000232
Affected …