IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Bluemix July 2016 CPU (CVE-2016-3485)

Written by IBM PSIRT | August 30, 2016 | Low Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in July 2016. These may affect some configurations of Liberty for Java for IBM Bluemix. CVE(s): CVE-2016-3485 Affected product(s) and affected version(s): This vulnerability affects all ...read more


IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino

Written by IBM PSIRT | August 30, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 SR16FP25 that affect IBM Domino. These issues were disclosed as part of the IBM Java SDK updates in July 2016, fixed with Version 6 SR16FP30. CVE(s): CVE-2016-3598, CVE-2016-3485 Affected product(s) and affected version(s): IBM Domino 9.0.1 through 9.0.1 FP6 IF3 IBM Domino 8.5.3 ...read more


IBM Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Information Server (CVE-2016-0729)

Written by IBM PSIRT | August 30, 2016 | High Severity

Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Information Server. CVE(s): CVE-2016-0729 Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected: IBM InfoSphere Information Server Connectivity components, DataStage (XML input, output, and transformer stages), Information Analyzer, Quality Stage, and Information Server Pack for Data Masking: versions 8.5, 8.7, ...read more


IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM Omni-Channel Marketing products suite for Microsoft Windows (CVE-2016-4560)

Written by IBM PSIRT | August 30, 2016 | High Severity

An InstallAnywhere vulnerability was disclosed by Flexera. InstallAnywhere is used by IBM Omni-Channel Marketing products suite for Microsoft Windows. IBM Omni-Channel Marketing products suite for Microsoft Windows has addressed the applicable CVE. CVE(s): CVE-2016-4560 Affected product(s) and affected version(s): IBM Campaign 8.5 – 9.1.2 IBM Contact Optimisation 8.5 – 9.1.2 IBM Predictive Insight 8.5 – ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): If you run your own Java code using the IBM Java Runtime delivered with this product, you ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Security Network Protection (CVE-2015-5352, CVE-2015-6563, and CVE-2015-6564)

Written by IBM PSIRT | August 29, 2016 | High Severity

Security vulnerabilities have been discovered in OpenSSH, which is used by IBM Security Network Protection. CVE(s): CVE-2015-5352, CVE-2015-6563, CVE-2015-6564 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21987978X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/104418X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/105881X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect Decision Optimization Center (CVE-2016-3598)

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ and IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3598 Affected product(s) and affected version(s): IBM Decision Optimization Center v3.9 and ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and Version 7 that are used by IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3550 Affected product(s) and affected version(s): ...read more


IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple vulnerabilities have been discovered in libxml2 used with IBM Security Network Protection. CVE(s): CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-4448, CVE-2016-4449, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network ...read more


IBM Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | Medium Severity

There are multiple vulnerabilities in file that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, and CVE-2014-9653. CVE(s): CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for ...read more


IBM Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in NTP that is used by IBM Security Network Protection. These vulnerabilities include CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, and CVE-2016-2518. CVE(s): CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518 Affected product(s) and affected ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection

Written by IBM PSIRT | August 29, 2016 | High Severity

There are multiple vulnerabilities in OpenSSL that is used by IBM Security Network Protection. These vulnerabilities include CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and CVE-2016-2842. CVE(s): CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842 Affected product(s) and affected version(s): IBM Security Network Protection 5.3.1 IBM Security Network Protection 5.3.2 Refer to the following reference URLs for ...read more