Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: IBM Algo One – Algo Risk Application (ARA) could allow retrieval of restricted files

Mar 29, 2017 5:46 pm EDT | Medium Severity

IBM Algo One – Algo Risk Application could allow a user to gain access to files in the local environment which should not be viewed by application users. CVE(s): CVE-2017-1154 Affected product(s) and affected version(s): 5.1, 5.0, 4.9.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21999892 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122368 ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged the Elastic Storage Server and the GPFS Storage Server

Mar 29, 2017 5:46 pm EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by the Elastic Storage Server and the GPFS Storage Server. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-2183 Affected product(s) and affected version(s): The Elastic Storage Server 5.0 The Elastic ...


IBM Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183)

Mar 29, 2017 5:46 pm EDT | Low Severity

Vulnerability has been addressed in the GSKit component of Tivoli Netcool/OMNIbus. CVE(s): CVE-2016-2183 Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus 8.1.0, Tivoli Netcool/OMNIbus 7.4.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg22001105 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 ...


IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300)

Mar 29, 2017 5:46 pm EDT | Medium Severity

IBM Tivoli Monitoring uses the Expat parser for parsing various configuration XML files as well as parsing SOAP requests. CVE(s): CVE-2012-6702, CVE-2016-5300 Affected product(s) and affected version(s): The basic services module, kbb for IBM Tivoli Monitoring 622 through 622 Fix Pack 9, 623 through 623 Fix Pack 5 and 630 through 630 Fix Pack 7 is ...


IBM Security Bulletin: Vulnerabilities in Expat affect Intel (R) Manycore Platform Software Stack (MPSS) for Linux and Windows

Mar 29, 2017 5:45 pm EDT | Medium Severity

Intel® Manycore Platform Software Stack (MPSS) for Linux and Windows have addressed the following vulnerabilities in Expat. CVE(s): CVE-2012-6702, CVE-2016-5300 Affected product(s) and affected version(s): Intel® Manycore Platform Software Stack (MPSS) for Linux: 2.1.3-3.7.1; Intel® Manycore Platform Software Stack (MPSS) for Windows: 3.1-3.6.1 Refer to the following reference URLs for remediation and ...


IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a OpenSSL vulnerability (CVE-2017-3731)

Mar 29, 2017 10:01 am EDT | Medium Severity

A security vulnerability has been identified in OpenSSL that is embedded in IBM FSM. This bulletin addresses this issue. CVE(s): CVE-2017-3731 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0, Flex System Manager 1.3.3.0, Flex System Manager 1.3.2.1, Flex System Manager 1.3.2.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: IBM TRIRIGA Application Platform Privilege Escalation (CVE-2017-1171)

Mar 29, 2017 10:00 am EDT | Medium Severity

Applications running in the IBM TRIRIGA Application Platform are vulnerable to a privilege escalation attack. CVE(s): CVE-2017-1171 Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected. · IBM TRIRIGA Application Platform 3.5.0 – 3.5.2.0. · IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5. · IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5. Refer ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy

Mar 29, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and earlier releases that are used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and Jan 2017. CVE(s): CVE-2016-5597, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) ...


IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-6115)

Mar 29, 2017 10:00 am EDT | Medium Severity

There is a vulnerability in IBM Spectrum Scale packaged with the Elastic Storage Server and the GPFS Storage Server. CVE(s): CVE-2016-6115 Affected product(s) and affected version(s): The Elastic Storage Server 4.0.0 – 4.0.6 and 4.5.0 – 4.5.1 The Elastic Storage Server 3.0.0 – 3.0.5 and 3.5.0 – 3.5.6 The Elastic Storage Server 2.5.0 – 2.5.5 ...