High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could potentially be exploited by an authenticated user, resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Mitigations and/or fixes for affected IBM products will be issued as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Aug 18, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, which is used by IBM Tivoli Monitoring. These issues were disclosed as part of the IBM Java SDK updates in April 2017. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Affected product(s) and affected version(s): IBM Tivoli Monitoring version […]


IBM Security Bulletin: Security Vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662)

Aug 17, 2017 10:00 am EDT | Medium Severity

XML external entity (XXE) security vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal (CVE-2017-5661, CVE-2017-5662). CVE(s): CVE-2017-5661, CVE-2017-5662. Affected product(s) and affected version(s):
IBM WebSphere Portal 9.0.0.0 – 9.0.0.0 CF13
IBM WebSphere Portal 8.5.0.0 – 8.5.0.0 CF13
IBM WebSphere Portal 8.0.0.0 – 8.0.0.1 CF22
IBM WebSphere Portal 7.0.0.0 […]



IBM Product Security Incident Response

Acknowledgement
Aug 16, 2017 5:30 pm EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting, and working with us to resolve, one or more security vulnerabilities in our products and services. Disclosures for 2017:
Adeel Imtiaz (LinkedIn)
Alberto Garcia Illera (SalesForce)
Angelis Pseftis (Cyber Innovations Center, Jacobs)
Bosko Stankovic (DefenseCode)
Christopher Haney (LinkedIn)
Dominique Righetto (Excellium)
Francisco […]


IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501)

Aug 16, 2017 10:00 am EDT | Medium Severity

There is a potential security vulnerability in the WebSphere Application Server Admin Console if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings, they may not have been saved properly, and the effective configuration may therefore provide weaker security than you expected. Verify that your settings […]


IBM Security Bulletin: IBM Security Access Manager is affected by an OpenSSL vulnerability (CVE-2016-8610)

Aug 16, 2017 10:00 am EDT | High Severity

IBM Security Access Manager has addressed the following OpenSSL vulnerability, known as “SSL-Death-Alert”. CVE(s): CVE-2016-8610. Affected product(s) and affected version(s):
IBM Security Access Manager for Web (appliance) 7.0 – 7.0.0.30
IBM Security Access Manager for Web 8.0 – 8.0.1.5
IBM Security Access Manager for Mobile 8.0 – […]


IBM Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities

Aug 16, 2017 10:00 am EDT | Medium Severity

IBM Security Access Manager has addressed the following vulnerabilities that have been identified in Network Time Protocol (NTP). CVE(s): CVE-2016-7426, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, CVE-2016-7429. Affected product(s) and affected version(s):
IBM Security Access Manager for Web (appliance) 7.0 – 7.0.0.30
IBM Security Access Manager for Web 8.0 – […]


IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix

Aug 15, 2017 10:00 am EDT | High Severity

Vulnerabilities in Node.js and the c-ares library were disclosed on July 11, 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. CVE(s): CVE-2017-1000381, CVE-2017-11499. Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK for Node.js v4.8.3 and earlier releases. These vulnerabilities affect IBM SDK for Node.js v6.11.0.0 and earlier […]


IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting (CVE-2017-1338)

Aug 15, 2017 10:00 am EDT | Medium Severity

An undisclosed security vulnerability in IBM Rational DOORS Next Generation and Rational Requirements Composer may allow cross-site scripting. CVE(s): CVE-2017-1338. Affected product(s) and affected version(s):
Rational DOORS Next Generation 6.0 – 6.0.3
Rational Requirements Composer 5.0 – 5.0.2
Rational Requirements Composer 4.0.1 – 4.0.7
Refer to the following reference URLs for remediation and additional vulnerability […]


IBM Security Bulletin: Security Vulnerability in IBM Java SDK for Quarterly CPU – April 2017 affects IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)

Aug 15, 2017 10:00 am EDT | High Severity

There is a security vulnerability in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, which are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software. The CVE (CVE-2017-3511) was disclosed as part of the IBM Java SDK updates in April 2017. CVE(s): CVE-2017-3511. Affected product(s) and affected version(s): Rational Software Architect 9.6 and earlier […]