High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2017-10141, CVE-2017-10196)

Nov 17, 2017 9:01 am EST | High Severity

IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component.
CVE(s): CVE-2017-10141, CVE-2017-10196
Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0.2-6.0.4. Previous versions are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22009204
X-Force Database: ...


IBM Security Bulletin: Vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack

Nov 17, 2017 9:01 am EST | Medium Severity

Multiple security vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack.
CVE(s): CVE-2017-1607, CVE-2017-1650, CVE-2017-1688, CVE-2017-1689
Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0 – 6.0.4. Previous versions are not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22010329
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/132927
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133260
X-Force Database: ...


IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS

Nov 17, 2017 9:01 am EST | High Severity

There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.7 of IBM SONAS.
CVE(s): CVE-2017-7792, CVE-2017-7791, CVE-2017-7787, CVE-2017-7786, CVE-2017-7785, CVE-2017-7784, CVE-2017-7779, CVE-2017-7753
Affected product(s) and affected version(s): IBM SONAS. The product is affected when running code releases 1.5.1.0 to 1.5.2.7.
Refer to the following reference URLs for remediation ...


IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675)

Nov 17, 2017 9:01 am EST | High Severity

Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675). IBM Storwize V7000 Unified has addressed both CVEs.
CVE(s): CVE-2017-7674, CVE-2017-7675
Affected product(s) and affected version(s): IBM Storwize V7000 Unified. The product is affected when running code releases 1.6.0.0 to 1.6.2.2.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: ...


IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675)

Nov 17, 2017 9:01 am EST | High Severity

Vulnerabilities in Apache Tomcat affect IBM SONAS (CVE-2017-7674, CVE-2017-7675). IBM SONAS has addressed both CVEs.
CVE(s): CVE-2017-7674, CVE-2017-7675
Affected product(s) and affected version(s): IBM SONAS. The product is affected when running code releases 1.5.0.0 to 1.5.2.7.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010747
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130248
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130247 ...


IBM Security Bulletin: Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack

Nov 17, 2017 9:01 am EST | Medium Severity

Multiple vulnerabilities in Rational DOORS Next Generation with potential for Cross-Site Scripting attack.
CVE(s): CVE-2017-1593, CVE-2017-1546, CVE-2017-1560, CVE-2017-1678, CVE-2017-1461
Affected product(s) and affected version(s): Rational DOORS Next Generation 6.0 – 6.0.4; Rational Requirements Composer 5.0 – 5.0.2; Rational Requirements Composer 4.0 – 4.0.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source ...


IBM Security Bulletin: IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data. (CVE-2017-1484)

Nov 17, 2017 9:01 am EST | Medium Severity

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer could allow an authenticated attacker to obtain information such as user personal data.
CVE(s): CVE-2017-1484
Affected product(s) and affected version(s): WebSphere Commerce versions 8.0.0.0 – 8.0.0.19; WebSphere Commerce versions 8.0.1.0 – 8.0.1.13; WebSphere Commerce versions 8.0.3.0 – 8.0.3.4; WebSphere Commerce versions 8.0.4.0 – 8.0.4.8; WebSphere Commerce versions ...


IBM Security Bulletin: Samba vulnerability issue affects IBM Storwize V7000 Unified (CVE-2017-9461)

Nov 17, 2017 9:01 am EST | High Severity

IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for a security vulnerability.
CVE(s): CVE-2017-9461
Affected product(s) and affected version(s): IBM Storwize V7000 Unified. The product is affected when running code releases 1.5.0.0 to 1.6.2.2.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010671
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126916 ...


IBM Security Bulletin: IBM DataQuant is affected by an Open Source Apache Poi vulnerability.

Nov 17, 2017 9:00 am EST | Medium Severity

IBM DataQuant has addressed the following vulnerability.
CVE(s): CVE-2017-5644
Affected product(s) and affected version(s): IBM DataQuant for Multiplatforms 1.1, 1.2, and 2.1; IBM DataQuant for z/OS 1.1 and 2.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22010565
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123699 ...