High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM Flex System Networking Switch Products

May 25, 2017 10:27 am EDT | High Severity

IBM Flex System Networking Switch Products have addressed the following vulnerabilities in libxml2 and zlib. Vulnerability Details: CVE(s): CVE-2016-4658, CVE-2016-9318, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Fabric EN4093R 10Gb Scalable Switch 7.8 IBM Flex System Fabric CN4093 10Gb Converged Scalable 7.8 What IBM Flex System Fabric ...read more


IBM Security Bulletin: Vulnerabilities in php5 affect IBM BladeCenter Advanced Management Module (AMM)

May 25, 2017 10:26 am EDT | Medium Severity

IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in php5. Vulnerability Details CVE(s): CVE-2016-6911, CVE-2016-8670 Affected product(s) and affected version(s): Product Affected Version IBM BladeCenter Advanced Management Module (AMM) BPET Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099580X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119311X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119312 ...read more


IBM Security Bulletin: Vulnerabilities in Bind affect PowerKVM

May 25, 2017 10:02 am EDT | Medium Severity

PowerKVM is affected by vulnerabilities in ISC Bind. IBM has now addressed these vulnerabilities. CVE(s): CVE-2017-3136 Affected product(s) and affected version(s): PowerKVM versions 2.1 and 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025194X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124516 ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager

May 25, 2017 10:02 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details: CVE(s): CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): Product Affected Version IBM Fabric Manager 4.1 Remediation/Fixes: Product Fix ...read more


IBM Security Bulletin: A vulnerability in PyCrypto affects PowerKVM

May 25, 2017 10:02 am EDT | High Severity

PowerKVM is affected by a vulnerability in python-crypto (PyCrypto). IBM has now addressed this vulnerability. CVE(s): CVE-2013-7459 Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025134X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124083 ...read more


IBM Security Bulletin: A vulnerability in nagios affects PowerKVM

May 25, 2017 10:02 am EDT | High Severity

PowerKVM is affected by a vulnerability in nagios. IBM has now addressed this vulnerability. CVE(s): CVE-2016-9565 Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025135X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119797 ...read more


IBM Security Bulletin: IBM Web Experience Factory is affected by a security vulnerability in Apache POI (CVE-2017-5644)

May 25, 2017 10:02 am EDT | Medium Severity

Apache POI, which is bundled with IBM Web Experience Factory, could allow a remote attacker to launch a denial of service attack. CVE(s): CVE-2017-5644 Affected product(s) and affected version(s): Web Experience Factory 8.0 Web Experience Factory 8.5 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22003696X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123699 ...read more


IBM Security Bulletin: A vulnerability in the Linux Kernel affects PowerKVM

May 25, 2017 10:02 am EDT | High Severity

PowerKVM is affected by a vulnerability in the Linux Kernel. IBM has now addressed this vulnerability. CVE(s): CVE-2017-7184 Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025110X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/123470 ...read more


IBM Security Bulletin: Vulnerabilities in GStreamer affect PowerKVM

May 25, 2017 10:02 am EDT | High Severity

PowerKVM is affected by vulnerabilities in GStreamer. IBM has now addressed these vulnerabilities. CVE(s): CVE-2016-9634, CVE-2016-9634, CVE-2016-9635, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808, CVE-2016-9636 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025070X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121150X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121661X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121545X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121668X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121546X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121060X-Force ...read more