Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Mitigations and/or fixes for affected IBM products will be issued as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)

Mar 27, 2017 10:00 am EDT | Medium Severity

SSH vulnerabilities were disclosed by the OpenSSH Project. IBM DataPower Gateways has addressed the applicable CVEs.
CVE(s): CVE-2016-10009, CVE-2016-10012
Affected product(s) and affected version(s):
CVE-2016-10009: IBM DataPower Gateway version 7.5.2.0-7.5.2.2
CVE-2016-10012: IBM DataPower Gateway, versions 7.0.0.0-7.0.0.17, 7.1.0.0-7.1.0.14, 7.2.0.0-7.2.0.11, 7.5.0.0-7.5.0.5, 7.5.1.0-7.5.1.4, 7.5.2.0-7.5.2.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22000413&myns=swgws&mynp=OCSS9H2Y&mync=E&cm_sp=swgws-_-OCSS9H2Y-_-EX-Force


IBM Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5

Mar 27, 2017 10:00 am EDT | High Severity

OpenSSH vulnerabilities were disclosed on December 23, 2016 by the OpenSSH Project. OpenSSL vulnerabilities were disclosed on November 10, 2016 and January 26, 2017 by the OpenSSL Project. OpenSSH and OpenSSL are used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs.
CVE(s): CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-7055, CVE-2017-3731, CVE-2017-3732 ...


IBM Security Bulletin: IBM Sterling Selling and Fulfillment Foundation is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-8917)

Mar 27, 2017 10:00 am EDT | Medium Severity

IBM Sterling Selling and Fulfillment Foundation is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.
CVE(s): CVE-2016-8917
Affected product(s) and affected version(s):
IBM Sterling Selling and Fulfillment Foundation 9.2.0
IBM Sterling Selling and Fulfillment Foundation 9.2.1
IBM Sterling Selling and Fulfillment Foundation 9.3.0
IBM Sterling Selling and ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Mar 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM).
CVE(s): CVE-2016-6022, CVE-2016-6031, CVE-2016-6036, CVE-2016-9707 ...


IBM Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for UNIX (CVE-2016-2183)

Mar 27, 2017 10:00 am EDT | Low Severity

An OpenSSL vulnerability disclosed by the OpenSSL Project affects GSKit. IBM Sterling Connect:Direct for UNIX uses GSKit and therefore is also vulnerable. This vulnerability is known as the SWEET32 Birthday attack.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
IBM Sterling Connect:Direct for Unix 4.2.0.0 through 4.2.0.4.iFix035
Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-9990)

Mar 27, 2017 10:00 am EDT | Medium Severity

IBM iNotes has a cross-site scripting vulnerability CVE-2016-9990.
CVE(s): CVE-2016-9990
Affected product(s) and affected version(s):
IBM iNotes versions 9.0 and 9.0.1 prior to 9.0.1 Fix Pack 7
IBM iNotes versions 8.5, 8.5.1, 8.5.2 and 8.5.3 prior to 8.5.3 Fix Pack 6 Interim Fix 15
Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610)

Mar 24, 2017 3:24 pm EDT | High Severity

LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL.
CVE(s): CVE-2016-8610
Affected product(s) and affected version(s):
Product: LCM8 & LCM16 KVM Switch Firmware; Affected Version: 1.0 – 1.2.47.00
Product: GCM16 & GCM32 KVM Switch Firmware; Affected Version: 1.0 – 1.32.0.24546
Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework

Mar 24, 2017 2:31 pm EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2017-3241, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s):
WebSphere Dashboard Framework 7.0.1
Refer to the following reference URLs for remediation ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory

Mar 24, 2017 2:31 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6 used by IBM Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2017-3241, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s):
IBM Web Experience ...