Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)
On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]
IBM Security Bulletin: IBM Security Key Lifecycle Manager stores password in clear text (CVE-2019-4566)
Sep 21, 2019 9:02 am EDT | Medium Severity
IBM Security Key Lifecycle Manager stores user credentials in plain in clear text which can be read by a local user. CVE(s): CVE-2019-4566 Affected product(s) and affected version(s): IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms IBM Security Key Lifecycle Manager (SKLM) v3.0.1- v3.0.1.1 on distributed platforms Refer to the following ...read more
IBM Security Bulletin: Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402)
Sep 21, 2019 9:02 am EDT | Medium Severity
Apache Commons Compress is vulnerable to a denial of service which can affect IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center). CVE(s): CVE-2019-12402 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1 IBM Spectrum Control 5.2.8 – 5.2.17.3 IBM Spectrum Control 5.3.0 – 5.3.3 The versions ...read more
IBM Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)
Sep 21, 2019 9:02 am EDT | High Severity
Node.js denial of service vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Spectrum Control 5.3.0 – 5.3.3 Note that the 5.2 release is not affected. Refer to the following reference URLs for remediation and ...read more
IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285)
Sep 21, 2019 9:01 am EDT | Medium Severity
There is a potential clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). CVE(s): CVE-2019-4285 Affected product(s) and affected version(s): Affected Product Affected Versions IBM Spectrum Control 5.2.13 – 5.2.17.3 IBM Spectrum Control 5.3.0 – 5.3.3 The versions listed above apply to all licensed ...read more
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2684, CVE-2019-4473, CVE-2019-11771)
Sep 21, 2019 9:01 am EDT | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center). These issues were disclosed as part of the IBM Java SDK updates for April 2019 and July 2019. CVE(s): CVE-2019-2684, CVE-2019-4473, CVE-2019-11771 Affected product(s) and affected version(s): Affected Product Affected Versions ...read more
IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Cross-Site Request Forgery (CVE-2019-4515 )
Sep 20, 2019 9:02 am EDT | Medium Severity
IBM Security Key Lifecycle Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVE(s): CVE-2019-4515 Affected product(s) and affected version(s): IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms IBM Security Key Lifecycle Manager (SKLM) ...read more
IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
Sep 20, 2019 9:02 am EDT | High Severity
IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. CVE(s): CVE-2019-2756, CVE-2019-2855, CVE-2019-2852, CVE-2019-2764, CVE-2019-2792, CVE-2019-2759, CVE-2019-2835, CVE-2019-2854, CVE-2019-2853 Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0.6.1 Previous versions are not affected. Refer to the following reference URLs for remediation ...read more
IBM Security Bulletin: Synthetic Playback Agent 8.1.4 is affected by multiple vulnerabilities
Sep 20, 2019 9:02 am EDT | High Severity
Synthetic Playback Agent has addressed the following vulnerabilities: CVE(s): CVE-2019-11710, CVE-2019-11721, CVE-2019-11711, CVE-2019-11730, CVE-2019-11720, CVE-2019-11714, CVE-2019-11725, CVE-2019-11715, CVE-2019-11712, CVE-2019-11723, CVE-2019-9811, CVE-2019-11713, CVE-2019-11724, CVE-2019-11718, CVE-2019-11729, CVE-2019-11719, CVE-2019-11716, CVE-2019-11727, CVE-2019-11717, CVE-2019-11728, CVE-2019-11709, CVE-2019-11710, CVE-2019-11721, CVE-2019-11711, CVE-2019-11730, CVE-2019-11720, CVE-2019-11714, CVE-2019-11725, CVE-2019-11715, CVE-2019-11712, CVE-2019-11723, CVE-2019-9811, CVE-2019-11713, CVE-2019-11724, CVE-2019-11718, CVE-2019-11729, CVE-2019-11719, CVE-2019-11716, CVE-2019-11727, CVE-2019-11717, CVE-2019-11728, CVE-2019-11709 Affected product(s) and affected ...read more
IBM Security Bulletin: Synthetic Playback Agent 8.1.4.x is affected by multiple vulnerabilities of Mozilla Firefox
Sep 20, 2019 9:01 am EDT | High Severity
Synthetic Playback Agent has addressed the following vulnerabilities: CVE(s): CVE-2019-11699, CVE-2019-11700, CVE-2019-11698, CVE-2019-9800, CVE-2019-11701, CVE-2019-11699, CVE-2019-11700, CVE-2019-11698, CVE-2019-9800, CVE-2019-11701 Affected product(s) and affected version(s): Product Affected Versions Synthetic Playback Agent 8.1.4 – 8.1.4 IF07 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www.ibm.com/support/pages/security-bulletin-synthetic-playback-agent-814x-affected-multiple-vulnerabilities-mozilla-firefoxX-Force Database: X-Force Database: X-Force Database: X-Force Database: ...read more