High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory

May 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6 used by IBM Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017.
CVE(s): CVE-2017-3511, CVE-2017-3539
Affected product(s) and affected version(s): IBM Web Experience Factory 8.0 IBM Web ...


IBM Security Bulletin: Directory Traversal vulnerabilities impact IBM Network Advisor.

May 23, 2017 10:00 am EDT | High Severity

Multiple Directory Traversal vulnerabilities affect IBM b-type SAN Network Advisor (CVE-2016-8204, CVE-2016-8205, CVE-2016-8206, CVE-2016-8207).
CVE(s): CVE-2016-8204, CVE-2016-8206, CVE-2016-8207, CVE-2016-8205
Affected product(s) and affected version(s): Network Advisor versions released prior to and including 14.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009700
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120392
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120395
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120393
...


IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerability (CVE-2016-6816)

May 23, 2017 10:00 am EDT | Medium Severity

Some versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities.
CVE(s): CVE-2016-6816
Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.1.8, 9.6.1.7, 9.6.1.4, 9.6.1.3, 9.6.1.2, 9.6.1.1, 9.6.1.0, 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x.
Refer ...


IBM Security Bulletin: Open Source cURL Libcurl, used by BigFix Platform, has security vulnerabilities (CVE-2016-8617 CVE-2016-8624 CVE-2016-8621)

May 23, 2017 10:00 am EDT | Medium Severity

Three cURL/libcurl vulnerabilities have been identified as applicable to the BigFix Platform which could allow an out-of-bounds write, bypass access restrictions or execute arbitrary code.
CVE(s): CVE-2016-8617, CVE-2016-8624, CVE-2016-8621
Affected product(s) and affected version(s): BigFix Platform 9.0, BigFix Platform 9.1, BigFix Platform 9.2, BigFix Platform 9.5
Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager (CVE-2016-5597, CVE-2016-5554)

May 23, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 and IBM Runtime Environment Java Version 8 used by IBM Security Access Manager versions 8 and 9 appliances. These issues were disclosed as part of the IBM Java SDK updates in October 2016.
CVE(s): CVE-2016-5597, CVE-2016-5554
Affected product(s) and affected version(s): IBM Security ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2016-5597, CVE-2016-5554)

May 23, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 and IBM® Runtime Environment Java™ Versions 7 and 8 that are used by IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web version 7 software. These issues were disclosed as part of the IBM Java SDK updates ...


IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module (CMM)

May 21, 2017 10:00 am EDT | Medium Severity

IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in NTP.
Vulnerability Details:
CVE(s): CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311
Affected product(s) and affected version(s):
Product: IBM Flex System Chassis Management Module (CMM); Affected Version: 2PET
Remediation/Fixes: Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/.
Product Fix Version IBM Flex ...


IBM Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)

May 20, 2017 10:01 am EDT | High Severity

Security vulnerabilities have been addressed in the Apache CXF component of IBM Tivoli Network Manager IP Edition.
CVE(s): CVE-2016-6812, CVE-2016-8739
Affected product(s) and affected version(s): IBM Tivoli Network Manager 4.1.1 and 4.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22003596
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120409
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120408
...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Enterprise Content Management System Monitor

May 20, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547
Affected product(s) and affected version(s): IBM Enterprise Content Management System Monitor ...