High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH

Nov 22, 2017 2:32 pm EST | Medium Severity

IBM Flex System FC5022 16Gb SAN Scalable Switch has addressed the following vulnerabilities in OpenSSH.
CVE(s): CVE-2016-10009, CVE-2016-10012
Affected product(s) and affected version(s): IBM Flex System FC5022 16Gb SAN Scalable Switch Version 7.0-8.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119828
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119831 ...


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo.

Nov 22, 2017 2:29 pm EST | Medium Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in sudo.
CVE(s): CVE-2016-7032, CVE-2016-7076
Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119500
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119502 ...


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in openssh (CVE-2015-8325)

Nov 22, 2017 2:26 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in openssh.
CVE(s): CVE-2015-8325
Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099646
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114628 ...


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl

Nov 22, 2017 2:23 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in curl.
CVE(s): CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8623, CVE-2016-8624
Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116938
X-Force ...


IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in libxml2 (CVE-2016-4658)

Nov 22, 2017 2:10 pm EST | High Severity

IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in libxml2.
CVE(s): CVE-2016-4658
Affected product(s) and affected version(s): IBM Dynamic System Analysis (DSA) Preboot Version 9.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099662
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117175 ...



IBM Product Security Incident Response

Acknowledgement



Nov 22, 2017 11:00 am EST

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services.
Disclosures for 2017: Adeel Imtiaz (LinkedIn), Alberto Garcia Illera (SalesForce), Angelis Pseftis (Cyber Innovations Center, Jacobs), Bosko Stankovic (DefenseCode), Christopher Haney (LinkedIn), Dominique Righetto (Excellium), Eddie ...


IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618)

Nov 22, 2017 9:01 am EST | High Severity

There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by WebSphere Application Server.
CVE(s): CVE-2017-9798, CVE-2017-12618
Affected product(s) and affected version(s): These vulnerabilities affect the following versions and releases of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron

Nov 21, 2017 9:00 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10 FP5 and Version 6 SR16 FP45 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017.
CVE(s): CVE-2017-10125, CVE-2017-10067, CVE-2017-10115, CVE-2017-10243
Affected product(s) and affected version(s): WebSphere Cast Iron v 7.5.1.0, 7.5.0.1, ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services

Nov 21, 2017 9:00 am EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version JRE6SR16FP20, JRE7SR9FP30, JRE8SR1FP10, JRE8SR2FP10 used by Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017.
CVE(s): CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10078, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105
Affected ...