IBM Product Security Incident Response


Archive

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Nov 14, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. These issues were disclosed as part of the IBM Java SDK updates in April 2018. CVE(s): CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)

Nov 14, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1 Refer to the ...read more


IBM Security Bulletin: IBM Planning Analytics Local is affected by multiple Node.js vulnerabilities

Nov 14, 2018 8:01 am EST | High Severity

The Planning Analytics Workspace component of IBM Planning Analytics is vulnerable to multiple Node.js vulnerabilities including OpenSSL vulnerabilities in Node.js. The version of Node.js used by IBM Planning Analytics Workspace has been upgraded to address these vulnerabilities. CVE(s): CVE-2018-0732, CVE-2018-0737, CVE-2018-7158, CVE-2018-7159, CVE-2018-7160, CVE-2018-7166, CVE-2018-12115 Affected product(s) and affected version(s): IBM Planning Analytics Local 2.0 ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656, CVE-2018-12539)

Nov 13, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2018. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli System ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Nov 13, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539 Affected product(s) and affected version(s): IBM Installation Manager and IBM Packaging Utility versions 1.8.9.1 and earlier. Refer to the ...read more


IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)

Nov 13, 2018 8:00 am EST | Medium Severity

There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. CVE(s): CVE-2018-1643 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0 Version 8.5 Version 8.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source ...read more


IBM Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

Nov 12, 2018 8:01 am EST | High Severity

Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed a publicly disclosed vulnerability found by vFinder: Eclipse Jetty. CVE(s): CVE-2018-11776 Affected product(s) and affected version(s): IBM Content Collector for Email – 4.0.1 IBM Content Collector for File Systems – 4.0.1 IBM Content Collector for SharePoint – 4.0.1 IBM Content Collector for IBM ...read more


IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771)

Nov 12, 2018 8:01 am EST | Low Severity

Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Network Performance Insight

Nov 12, 2018 8:01 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version IBM JRE 8.0.2.10 used by IBM Network Performance Insight. IBM Network Performance Insight has addressed the applicable CVEs. CVE(s): CVE-2018-1656, CVE-2018-12539, CVE-2018-1517 Affected product(s) and affected version(s): IBM Network Performance Insight: 1.2.1, 1.2.2, 1.2.3. Refer to the following reference URLs for remediation and additional vulnerability ...read more