Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Mitigations and/or fixes for affected IBM products will be issued as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610)

Mar 24, 2017 3:24 pm EDT | High Severity

LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL.
CVE(s): CVE-2016-8610
Affected product(s) and affected version(s):
Product | Affected Version
LCM8 & LCM16 KVM Switch Firmware | 1.0 – 1.2.47.00
GCM16 & GCM32 KVM Switch Firmware | 1.0 – 1.32.0.24546
Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework

Mar 24, 2017 2:31 pm EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2017-3241, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s): WebSphere Dashboard Framework 7.0.1
Refer to the following reference URLs for remediation ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory

Mar 24, 2017 2:31 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6 used by IBM Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2017-3241, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s): IBM Web Experience ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition

Mar 24, 2017 2:31 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183
Affected product(s) and affected version(s): This ...


IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Mar 24, 2017 2:31 pm EDT | Low Severity

Vulnerabilities were reported in zlib. zlib is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs.
CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s):
IBM Sterling Connect:Direct for Microsoft Windows 4.6.0.0 through 4.6.0.6_iFix014
IBM Sterling Connect:Direct for Microsoft Windows 4.7.0.0 through 4.7.0.4_iFix026
Refer ...


IBM Security Bulletin: Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960)

Mar 24, 2017 2:30 pm EDT | Medium Severity

Cognos Business Intelligence is vulnerable to a privilege escalation attack that could grant a user the Capabilities of another.
CVE(s): CVE-2016-8960
Affected product(s) and affected version(s):
IBM Cognos Business Intelligence Server 10.2.2
IBM Cognos Business Intelligence Server 10.2.1.1
IBM Cognos Business Intelligence Server 10.2.1
IBM Cognos Business Intelligence Server 10.2
Refer to the following reference ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware

Mar 24, 2017 11:35 am EDT | Low Severity

LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL.
CVE(s): CVE-2016-0702, CVE-2016-0704, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799
Affected product(s) and affected version(s):
Product | Affected Version
LCM8 & LCM16 KVM Switch Firmware | 1.*
GCM16 & GCM32 KVM Switch Firmware | 1.*
Refer to the following reference URLs ...


IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console

Mar 24, 2017 10:01 am EDT | Medium Severity

NTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVE(s): CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311
Affected product(s) and affected version(s):
Power HMC V8.8.3.0
Power HMC V8.8.4.0
Power HMC V8.8.5.0
Power HMC V8.8.6.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021868
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119094
X-Force Database: ...


IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i

Mar 24, 2017 10:00 am EDT | High Severity

Python is supported by IBM i. IBM i has addressed the applicable CVE.
CVE(s): CVE-2016-5699, CVE-2016-5636
Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021926
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114200
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114309 ...