High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Oct 23, 2017 10:00 am EDT | Medium Severity

Multiple vulnerabilities in the IBM Jazz Team Server affect the following IBM Rational products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). CVE(s): CVE-2017-1164, CVE-2017-1169, CVE-2017-1241, CVE-2017-5644, CVE-2017-1295, CVE-2017-1363 ...


IBM Security Bulletin: IBM b-type Network/Storage switches is affected by Open Source OpenSSL Vulnerabilities (OpenSSL and Node.JS consumers).

Oct 23, 2017 10:00 am EDT | Medium Severity

IBM b-type Network/Storage switches has addressed the following vulnerabilities (CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2016-7055).
CVE(s): CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2016-7055
Affected product(s) and affected version(s):
Affected IBM b-type Network/Storage switches: IBM Network Advisor
Affected Versions: Versions Prior to 14.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1010726
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121311
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121312
X-Force ...


IBM Security Bulletin: Multiple vulnerabilities in cURL affect IBM Workload Scheduler

Oct 23, 2017 10:00 am EDT | Medium Severity

cURL vulnerabilities were disclosed by the cURL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs.
CVE(s): CVE-2016-8616, CVE-2016-8621, CVE-2016-8624
Affected product(s) and affected version(s): TWS uses cURL libraries only for secure communication. These security exposures do not apply to the embedded WebSphere Application Server but only to ...



IBM Product Security Incident Response

Acknowledgement



Oct 20, 2017 12:30 pm EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services.

Disclosures for 2017
Adeel Imtiaz (LinkedIn)
Alberto Garcia Illera (SalesForce)
Angelis Pseftis (Cyber Innovations Center, Jacobs)
Bosko Stankovic (DefenseCode)
Christopher Haney (LinkedIn)
Dominique Righetto (Excellium)
Eddie ...


IBM Security Bulletin: A vulnerability in Spice affects PowerKVM

Oct 20, 2017 10:49 am EDT | Medium Severity

PowerKVM is affected by a vulnerability in Spice. IBM has now addressed this vulnerability.
CVE(s): CVE-2017-7506
Affected product(s) and affected version(s): PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129056 ...


IBM Security Bulletin: Vulnerabilities in tcpdump affect PowerKVM

Oct 20, 2017 10:49 am EDT | High Severity

PowerKVM is affected by vulnerabilities in tcpdump. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2016-7986, CVE-2016-7985, CVE-2016-7984, CVE-2016-7983, CVE-2016-7975, CVE-2016-7974, CVE-2016-7973, CVE-2016-7940, CVE-2016-7939, CVE-2016-7938, CVE-2016-7937, CVE-2016-7936, CVE-2016-7935, CVE-2016-7934, CVE-2016-7933, CVE-2016-7932, CVE-2016-7931, CVE-2016-7930, CVE-2016-7929, CVE-2016-7928, CVE-2016-7927, CVE-2016-7926, CVE-2016-7925, CVE-2016-7924, CVE-2016-7923, CVE-2016-7922, CVE-2015-2155, CVE-2015-2154, CVE-2015-2153, CVE-2015-0261
Affected product(s) and affected version(s): PowerKVM 2.1 and 3.1
Refer to ...


IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express.

Oct 20, 2017 10:49 am EDT | High Severity

There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM ...


IBM Security Bulletin: A vulnerability in libsoup affects PowerKVM

Oct 20, 2017 10:02 am EDT | High Severity

PowerKVM is affected by a vulnerability in libsoup. IBM has now addressed this vulnerability.
CVE(s): CVE-2017-2885
Affected product(s) and affected version(s): PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025834
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/130196 ...


IBM Security Bulletin: Vulnerabilities in Apache HTTPD affect PowerKVM

Oct 20, 2017 10:02 am EDT | Medium Severity

PowerKVM is affected by vulnerabilities in Apache HTTPD. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-9788, CVE-2017-7679, CVE-2017-7668, CVE-2017-3169, CVE-2017-3167
Affected product(s) and affected version(s): PowerKVM 2.1 and 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025773
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128482
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127420
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127419
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127417
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127416 ...