Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Mitigations and/or fixes for affected IBM products will be issued as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-6056)

Mar 22, 2017 10:00 am EDT | High Severity

Vulnerability CVE-2017-6056 in the Apache Tomcat component affects the product’s management GUI. The Command Line Interface is unaffected.
CVE(s): CVE-2017-6056
Affected product(s) and affected version(s): IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, IBM Storwize V3700, IBM Storwize V3500, IBM FlashSystem V9000. All products are affected when running supported releases 7.1 to 7.6. ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-7055, CVE-2017-3732)

Mar 22, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on November 10, 2016 and January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs.
CVE(s): CVE-2016-7055, CVE-2017-3732
Affected product(s) and affected version(s): IBM Sterling Connect:Direct for HP NonStop 3.6.0.0, IBM Sterling Connect:Direct ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access

Mar 22, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7, which are used by IBM Rational DOORS Web Access. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-5552, CVE-2016-2183
Affected product(s) and affected version(s): Rational DOORS Web Access versions 1.5, ...


IBM Security Bulletin: Vulnerabilities CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 in IBM i HTTP Server

Mar 22, 2017 10:00 am EDT | Medium Severity

HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs.
CVE(s): CVE-2016-0736, CVE-2016-2161, CVE-2016-8743
Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021918
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119918
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119919
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119917
...


IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba, NTP and ISC BIND affect IBM Netezza Host Management

Mar 22, 2017 10:00 am EDT | High Severity

Open Source Samba, NTP and ISC BIND are used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.
CVE(s): CVE-2016-2126, CVE-2016-2125, CVE-2016-9310, CVE-2016-9311, CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9147
Affected product(s) and affected version(s): IBM Netezza Host Management 5.2.1.0 – 5.4.9.0
Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager

Mar 21, 2017 1:08 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183
Affected product(s) and affected version(s): IBM Fabric Manager ...


IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release

Mar 20, 2017 1:07 pm EDT | High Severity

Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release.
CVE(s): CVE-2016-6816, CVE-2016-8735
Affected product(s) and affected version(s): IBM UrbanCode Release 6.2.0.0 – 6.2.1.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg2C1000285
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119157
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119158
...


IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release

Mar 20, 2017 1:07 pm EDT | Medium Severity

Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release.
CVE(s): CVE-2016-5018, CVE-2016-6794, CVE-2016-0762, CVE-2016-6796, CVE-2016-6797
Affected product(s) and affected version(s): IBM UrbanCode Release 6.2.1.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg2C1000283
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118406
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118405
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118407
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118404
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118403
...


IBM Security Bulletin: IBM Call Center for Commerce is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-6056)

Mar 20, 2017 1:07 pm EDT | Medium Severity

IBM Call Center for Commerce is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.
CVE(s): CVE-2016-6056
Affected product(s) and affected version(s): IBM Call Center for Commerce 9.3, IBM Call Center for Commerce 9.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22000442
X-Force ...