High Severity
IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)
A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]
Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)
On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]
IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3142 and CVE-2017-3143)
Aug 22, 2017 10:00 am EDT | High Severity
ISC BIND is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. CVE(s): CVE-2017-3142, CVE-2017-3143 Affected product(s) and affected version(s): Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1022234X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127901X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127902 ...read more
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Media Server
Aug 22, 2017 10:00 am EDT | High Severity
OpenSSL vulnerabilities were disclosed on December 3, 2015, January 28, 2016, March 1, 2016, May 3, 2016, October 24, 2016 and Jaunary 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Media Server. IBM Media Server has addressed the applicable CVEs. CVE(s): CVE-2016-8610, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, CVE-2015-3194, CVE-2015-3195, CVE-2015-3197, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, ...read more
IBM Security Bulletin: Vulnerability CVE-2017-1000381 and CVE-2017-11499 in Node.js affects IBM i
Aug 21, 2017 10:00 am EDT | High Severity
Node.js is supported by IBM i. IBM i has addressed the applicable CVE. CVE(s): CVE-2017-1000381, CVE-2017-11499 Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1022230X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128625X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129465 ...read more
IBM Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products
Aug 21, 2017 10:00 am EDT | High Severity
Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE (JDK and JRE) versions below 6u111, 7u95, and 8u72 and OpenJDK versions below 1.7.0.95 and 1.8.0.71 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover, a partial denial of service (DOS), an unauthorized read, ...read more
IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix
Aug 19, 2017 10:00 am EDT | High Severity
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege. Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. CVE(s): CVE-2017-0256, CVE-2017-0249, CVE-2017-0247, CVE-2017-1000381, CVE-2017-11499 Affected product(s) and affected version(s): These vulnerabilities affect ASP.NET Core in IBM ...read more
IBM Security Bulletin: No verification of user rights for certain applications on MaaS360 Windows installations. (CVE-2017-1422).
Aug 19, 2017 10:00 am EDT | Medium Severity
EMSAgentCmd.exe executes commands without verifying the source of the request. Additionally, commands are not restricted to operating within the boundaries of the application’s self. CVE(s): CVE-2017-1422 Affected product(s) and affected version(s): Product/Version MaaS360 DTM all versions up to 3.81 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22006985X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127412 ...read more
IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products
Aug 19, 2017 10:00 am EDT | High Severity
Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3526, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, Not Applicable Affected product(s) and affected version(s): IBM Monitoring 8.1.3 IBM Application Diagnostics 8.1.3 IBM Application Performance Management 8.1.3 IBM Application Performance ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance
Aug 19, 2017 10:00 am EDT | Medium Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and 7 that affect the WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5548, CVE-2016-5547, CVE-2016-5552 Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance Version 2.1 WebSphere DataPower XC10 Appliance Version ...read more
IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct FTP+ (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)
Aug 19, 2017 10:00 am EDT | Low Severity
Vulnerabilities were reported in zlib. zlib is used by IBM Sterling Connect:Direct FTP+. IBM Sterling Connect:Direct FTP+ has addressed the applicable CVEs. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): IBM Sterling Connect:Direct FTP+ 1.3.0 IBM Sterling Connect:Direct FTP+ 1.2.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more