High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)

Apr 21, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by InfoSphere Optim Performance Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): InfoSphere Optim Performance Manager 5.3.1 and earlier Refer to the following […]


IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007)

Apr 20, 2017 4:59 pm EDT | High Severity

Specially crafted malicious plugin uploads to UrbanCode Deploy can reveal sensitive data and consume system resources. CVE(s): CVE-2017-1149 Affected product(s) and affected version(s): All fixpacks of IBM UrbanCode Deploy 6.1 – 6.1.3.5 and IBM UrbanCode Deploy 6.2 – 6.2.3.1 are affected. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289 X-Force […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM® Java Runtime affect IBM BigFix Remote Control.

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 3 Fixpack 10 and IBM® Runtime Environment Java™ Version 8 Service Refresh 3 Fixpack 10 used by IBM BigFix Remote Control. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542)

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0, 7.0 and 8.0 that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in October 2016. CVE(s): CVE-2016-5556, CVE-2016-5597, CVE-2016-5542 Affected product(s) and affected version(s): IBM Tivoli Composite Application Manager […]


IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Apr 20, 2017 4:58 pm EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.7 used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. CVE(s): CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): IBM Security SiteProtector System 3.0 and 3.1.1 Refer […]


IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625)

Apr 20, 2017 4:58 pm EDT | Medium Severity

A directory traversal vulnerability in Pivotal Spring Framework allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. This has been addressed in IBM Marketing Platform, IBM Campaign, IBM Interact, IBM Marketing Operations, IBM Contact Optimization, IBM Distributed Marketing and IBM Opportunity Detect. CVE(s): CVE-2014-3625 Affected product(s) and affected version(s): […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct Browser User Interface

Apr 20, 2017 10:00 am EDT | Medium Severity

Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct Browser User Interface (October 2016 CPU and January 2017 CPU) CVE(s): CVE-2016-5542, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2017-3259, CVE-2016-2183 Affected product(s) and affected version(s): IBM Sterling Connect:Direct Browser User Interface 1.5.0 through 1.5.0.2 iFix 18 IBM Sterling Connect:Direct Browser User Interface 1.4.0 through 1.4.11.0 iFix 5 Refer […]


IBM Security Bulletin: Vulnerabilities in zlib affect IBM® SDK for Node.js™ (CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843)

Apr 19, 2017 10:00 am EDT | Low Severity

zlib vulnerabilities were disclosed in December 2016 by the zlib project. zlib is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK for Node.js v4.8.0.0 and earlier releases. These vulnerabilities affect IBM SDK for […]


IBM Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122)

Apr 19, 2017 10:00 am EDT | High Severity

IBM Security Guardium contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM Security Guardium has addressed this issue. CVE(s): CVE-2017-1122 Affected product(s) and affected version(s): IBM Security Guardium V8.2 IBM Security Guardium V9.0, 9.1, 9.5 IBM Security Guardium V10.0, 10.0.1, 10.1, […]