IBM Security Bulletin: IBM Connections Security Update

Written by IBM PSIRT | August 19, 2016 | Medium Severity

IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections; see details below for remediation information.
CVE(s): CVE-2016-2995, CVE-2016-2997, CVE-2016-2998, CVE-2016-3005, CVE-2016-3010
Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5, IBM Connections 5.0, IBM Connections 4.5, IBM Connections 4.0
Refer to the following ...


IBM Security Bulletin: The IBM BigFix Platform has a Cross-Site Scripting vulnerability (CVE-2016-0293)

Written by IBM PSIRT | August 19, 2016 | Medium Severity

A .beswrpt can be injected/modified to contain malicious JavaScript.
CVE(s): CVE-2016-0293
Affected product(s) and affected version(s): 9.0, 9.1, 9.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985743
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111361 ...


IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager HSM for Windows (CVE-2016-5918)

Written by IBM PSIRT | August 18, 2016 | Medium Severity

IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) may display the encrypted Tivoli Storage Manager password when application tracing is enabled.
CVE(s): CVE-2016-5918
Affected product(s) and affected version(s): The following levels of IBM Tivoli Storage Manager HSM for Windows (IBM Spectrum Protect HSM for Windows) are affected: 7.1.0.0 through 7.1.4.1 ...


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-5902)

Written by IBM PSIRT | August 18, 2016 | Medium Severity

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE(s): CVE-2016-5902
Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management ...


IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM MQ Appliance

Written by IBM PSIRT | August 18, 2016 | High Severity

Heap-based buffer overflow and denial of service vulnerabilities in libxml2 affect the IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs.
CVE(s): CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-4448, CVE-2016-4449, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447
Affected product(s) and affected version(s): IBM MQ Appliance M2000, IBM MQ Appliance M2001
Refer to ...


IBM Security Bulletin: IBM MQ Appliance potential execution of arbitrary commands (CVE-2016-5879)

Written by IBM PSIRT | August 18, 2016 | High Severity

There is potential for malicious users to execute arbitrary commands due to improper validation of the input parameters.
CVE(s): CVE-2016-5879
Affected product(s) and affected version(s): IBM MQ Appliance M2000, IBM MQ Appliance M2001
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21987697
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115074 ...


IBM Security Bulletin: Open Redirect Vulnerability in IBM Connections Portlets For WebSphere Portal (CVE-2016-2989)

Written by IBM PSIRT | August 18, 2016 | Medium Severity

A fix is available for an Open Redirect Vulnerability in ‘IBM Connections Portlets For WebSphere Portal’ (CVE-2016-2989).
CVE(s): CVE-2016-2989
Affected product(s) and affected version(s): IBM Connections Portlets For WebSphere Portal v5.0. For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.
Refer to the following reference URLs for remediation and additional ...


IBM Security Bulletin: Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability (CVE-2016-0729)

Written by IBM PSIRT | August 18, 2016 | High Severity

Content Classification is affected by Open Source Apache Xerces-C XML parser Vulnerability.
CVE(s): CVE-2016-0729
Affected product(s) and affected version(s): IBM Content Classification 8.8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21986130
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111028 ...


IBM Security Bulletin: IBM Connections Security Update (CVE-2016-2955)

Written by IBM PSIRT | August 18, 2016 | Medium Severity

IBM Connections Security Update for CVE-2016-2955. IBM Connections is vulnerable to cross-site scripting in IBM Connections 5.0 and later; see details below for remediation information.
CVE(s): CVE-2016-2955
Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5, IBM Connections 5.0
Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: IBM Connections Security Refresh for CVE-2016-2954, CVE-2016-2956, CVE-2016-3008

Written by IBM PSIRT | August 18, 2016 | Medium Severity

IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections 5.5 and earlier; see details below for remediation information.
CVE(s): CVE-2016-2954, CVE-2016-2956, CVE-2016-3008
Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5, IBM Connections 5.0
Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MQ Appliance

Written by IBM PSIRT | August 18, 2016 | High Severity

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs.
CVE(s): CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109
Affected product(s) and affected version(s): IBM MQ Appliance M2000, IBM MQ Appliance M2001
Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-3443 and CVE-2016-3422)

Written by IBM PSIRT | August 18, 2016 | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0 that is used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s): CVE-2016-3443, CVE-2016-3422
Affected product(s) and affected version(s): IBM Content Classification 8.8
Refer to the following reference URLs for remediation and additional ...