High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerability in the Linux Kernel affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-6214)

Sep 20, 2017 12:53 pm EDT | High Severity

IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems has addressed the following vulnerability in the Linux Kernel. CVE(s): CVE-2017-6214. Affected product(s) and affected version(s): IBM Integrated Management Module II (IMM2) for System x and Flex Systems, version 1AOO; IBM Integrated Management Module II (IMM2) for BladeCenter Systems, version 1AOO […]


IBM Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities

Sep 19, 2017 10:00 am EDT | Medium Severity

IBM API Connect has addressed the following vulnerabilities. API Connect Portal is affected by multiple Drupal vulnerabilities. CVE(s): CVE-2017-6924, CVE-2017-6923, CVE-2015-7875, CVE-2017-6925. Affected product(s) and affected version(s): IBM API Connect 5.0.6.0-5.0.6.2; IBM API Connect 5.0.7.0-5.0.7.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22008323 X-Force […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect

Sep 19, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in July 2017. CVE(s): CVE-2017-10115, CVE-2017-10116. Affected product(s) and affected version(s): IBM API Connect V5.0.0.0 – V5.0.7.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy

Sep 19, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 Service Refresh 16 Fix Pack 30 and earlier releases used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. CVE(s): CVE-2017-10115, CVE-2017-10116. Affected product(s) and affected version(s): IBM Rational Synergy 7.2.1 – 7.2.1.5.x IBM […]


IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1382)

Sep 19, 2017 10:00 am EDT | Medium Severity

A vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center. WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions than expected. Tivoli Storage Productivity Center has […]


IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1380)

Sep 19, 2017 10:00 am EDT | Medium Severity

A vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center. There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. Tivoli Storage Productivity Center has addressed the applicable CVE. CVE(s): CVE-2017-1380. Affected product(s) and affected version(s): Tivoli Storage Productivity Center 5.1.0 through 5.1.1.14. Refer to the following reference […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA

Sep 18, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Tivoli Composite Application Manager for SOA. Tivoli Composite Application Manager for SOA has addressed the applicable CVEs. CVE(s): CVE-2017-10115, CVE-2017-10116. Affected product(s) and affected version(s): IBM Tivoli Composite Application Manager for SOA 7.2. Refer to the following reference URLs for remediation and […]


IBM Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time

Sep 18, 2017 10:00 am EDT | High Severity

Java SE issues disclosed in the Oracle July 2017 Critical Patch Update, plus one additional vulnerability. CVE(s): CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105, CVE-2017-1376. Affected product(s) and affected version(s): These vulnerabilities affect IBM WebSphere Real Time Version 3 Service Refresh 10 Fix Pack 5 […]


IBM Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)

Sep 18, 2017 10:00 am EDT | Medium Severity

The IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates. The IBM Emptoris Strategic Supply Management Suite of products which is impacted by […]