Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware

Mar 24, 2017 11:35 am EDT | Low Severity

LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL.
CVE(s): CVE-2016-0702, CVE-2016-0704, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799
Affected product(s) and affected version(s):
Product: LCM8 & LCM16 KVM Switch Firmware; Affected Version: 1.*
Product: GCM16 & GCM32 KVM Switch Firmware; Affected Version: 1.*
Refer to the following reference URLs ...


IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console

Mar 24, 2017 10:01 am EDT | Medium Severity

NTP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVE(s): CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311
Affected product(s) and affected version(s):
Power HMC V8.8.3.0
Power HMC V8.8.4.0
Power HMC V8.8.5.0
Power HMC V8.8.6.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021868
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119094
X-Force Database: ...


IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i

Mar 24, 2017 10:00 am EDT | High Severity

Python is supported by IBM i. IBM i has addressed the applicable CVE.
CVE(s): CVE-2016-5699, CVE-2016-5636
Affected product(s) and affected version(s): Releases 7.1, 7.2 and 7.3 of IBM i are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021926
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114200
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114309


IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120)

Mar 24, 2017 10:00 am EDT | Medium Severity

Fixes are available for a cross-site scripting vulnerability in IBM WebSphere Portal (CVE-2017-1120).
CVE(s): CVE-2017-1120
Affected product(s) and affected version(s):
IBM WebSphere Portal 9.0
IBM WebSphere Portal 8.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22000152
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121172


IBM Security Bulletin: A cross-site scripting vulnerability has been addressed in IBM Kenexa LMS on Cloud 5.1

Mar 24, 2017 10:00 am EDT | Medium Severity

A cross-site scripting vulnerability has been addressed in IBM Kenexa LMS on Cloud 5.1.
CVE(s): CVE-2016-8935
Affected product(s) and affected version(s): IBM Kenexa LMS 4.1, 4.2, 4.2.2, 4.2.3, 4.2.4, 5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21999483
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118649


IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 11.0

Mar 24, 2017 10:00 am EDT | Medium Severity

Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 11.0.
CVE(s): CVE-2017-1142, CVE-2017-1143
Affected product(s) and affected version(s): IBM Kenexa LCMS Premier 9.1, 9.2, 9.2.1, 9.3, 9.4, 9.5, 10.0, 10.2, 10.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21998874
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122030
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122032


IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153)

Mar 23, 2017 10:00 am EDT | High Severity

The IBM TRIRIGA Application is vulnerable to privilege escalation.
CVE(s): CVE-2017-1153
Affected product(s) and affected version(s): The following IBM TRIRIGA Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.0 – 3.5.2.
· IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5.
· IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5.
Refer to the following reference URLs ...


IBM Security Bulletin: Vulnerability in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology

Mar 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance

Mar 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM MQ and the IBM MQ Appliance. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Please ensure that you read the remediation/fixes section carefully before applying fixes.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2017-3261, CVE-2016-2183
Affected ...