IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): If you run your own Java code using the IBM Java Runtime delivered with this product, you ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564)

Written by IBM PSIRT | August 29, 2016 | High Severity

Security vulnerabilities have been discovered in OpenSSH, which is used by IBM Security Network Protection. CVE(s): CVE-2015-5352, CVE-2015-6563, CVE-2015-6564 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21987978X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104418X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/105881X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect Decision Optimization Center (CVE-2016-3598)

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ and IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3598 Affected product(s) and affected version(s): IBM Decision Optimization Center v3.9 and ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3550 Affected product(s) and affected version(s): ...read more


IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple vulnerabilities have been discovered in libxml2 used with IBM Security Network Protection. CVE(s): CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-4448, CVE-2016-4449, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network ...read more


IBM Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | Medium Severity

There are multiple vulnerabilities in file that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, and CVE-2014-9653. CVE(s): CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for ...read more


IBM Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in NTP that is used by IBM Security Network Protection. These vulnerabilities include CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, and CVE-2016-2518. CVE(s): CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518 Affected product(s) and affected ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in OpenSSL that is used by IBM Security Network Protection. These vulnerabilities include CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and CVE-2016-2842. CVE(s): CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for ...read more


IBM Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)

Written by IBM PSIRT | August 25, 2016 | Low Severity

Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web. CVE(s): CVE-2016-0797, CVE-2016-0705 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances IBM Security Access Manager for Web 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)

Written by IBM PSIRT | August 25, 2016 | Low Severity

Vulnerabilities in OpenSSL affect IBM Security Access Manager for Mobile. CVE(s): CVE-2016-0705, CVE-2016-0797 Affected product(s) and affected version(s): IBM Security Access Manager for Mobile 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21989106X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 ...read more


IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2015-8710)

Written by IBM PSIRT | August 25, 2016 | Medium Severity

Libxml2 is vulnerable to a denial of service, caused by an out-of-bounds memory access when parsing an unclosed HTML comment. By not closing out an HTML comment, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash. CVE(s): CVE-2015-8710 Affected product(s) and affected version(s): IBM BigFix Security ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2016-3598, CVE-2016-3511, CVE-2016-3485)

Written by IBM PSIRT | August 25, 2016 | High Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3598, CVE-2016-3511, CVE-2016-3485 Affected product(s) and affected version(s): AIX 5.3, 6.1, 7.1, 7.2 VIOS 2.2.x The following fileset levels ...read more