High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command could be exploited by an authenticated user to trigger a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization), which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Mitigations and/or fixes for affected IBM products will be issued as soon as possible. Please actively monitor both your IBM Support Portal […]


IBM Product Security Incident Response

Acknowledgement

Jun 23, 2017 2:30 pm EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services.
Disclosures for 2017: Adeel Imtiaz (LinkedIn), Alberto Garcia Illera (SalesForce), Angelis Pseftis (Cyber Innovations Center, Jacobs), Bosko Stankovic (DefenseCode), Dominique Righetto (Excellium), Francisco Oca (SalesForce), Jakub […]


IBM Security Bulletin: XXE injection vulnerability in IBM API Connect (CVE-2017-1322)

Jun 23, 2017 10:00 am EDT | High Severity

An XML External Entity injection (XXE) vulnerability is exposed in IBM API Connect.
CVE(s): CVE-2017-1322
Affected product(s) and affected version(s): IBM API Connect V5.0.0.0 – V5.0.7.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22003621
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125918
[…]
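The bulletin does not describe how API Connect parses XML, so the following is an added illustration of the vulnerability class only, not IBM's code: a Python script that feeds the same external-entity payload to an xml.sax parser once with external general entity resolution enabled (the weak setting) and once with it disabled (the hardened setting). The secret file, its path and the payload are constructed for the demo; the only control shown is the parser feature flag.

```python
"""Added XXE illustration (not IBM's or API Connect's code): one payload, parsed
by a parser that resolves external general entities and by one that does not."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler

# Constructed secret standing in for a local file the attacker wants to read.
SECRET = "s3cr3t-db-password"


class _TextCollector(handler.ContentHandler):
    """Gathers character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def xxe_payload(target_path: str) -> bytes:
    """Classic XXE document: an external general entity pointing at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE request [\n"
        f'  <!ENTITY xxe SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<request><name>&xxe;</name></request>\n"
    ).encode()


def parse_untrusted_xml(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse with xml.sax; the feature flag is the difference between weak and safe."""
    parser = xml.sax.make_parser()
    # feature_external_ges=True is the weak setting: the parser fetches external
    # entities from disk or the network and splices them into the document.
    # False (the default since Python 3.7.1) leaves the reference unexpanded.
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks).strip()


def demo() -> dict:
    """Write the constructed secret to a temp file, then parse the payload both ways."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-", suffix=".txt")
    with os.fdopen(fd, "w") as f:
        f.write(SECRET)
    try:
        payload = xxe_payload(path)
        return {
            "vulnerable": parse_untrusted_xml(payload, resolve_external_entities=True),
            "hardened": parse_untrusted_xml(payload, resolve_external_entities=False),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for mode, text in demo().items():
        print(f"{mode:10s} -> {text!r}")
```

With the weak setting the parsed `<name>` element contains the contents of the file named in the entity; with the feature disabled the reference expands to nothing. Disabling external entities is the minimum; a parser that rejects any DOCTYPE in untrusted input (as the defusedxml package does) is the stronger control, because it also removes entity-expansion denial of service.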


IBM Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management

Jun 23, 2017 10:00 am EDT | High Severity

OpenSource ISC Bind is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.
CVE(s): CVE-2017-3136, CVE-2017-3137, CVE-2017-3139
Affected product(s) and affected version(s): IBM Netezza Host Management 5.3.8.0 – 5.4.12.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22003115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124516
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124517
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125766
[…]


IBM Security Bulletin: IBM® DB2® LUW’s Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).

Jun 23, 2017 10:00 am EDT | Medium Severity

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command Line Processor (CLP) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code.
CVE(s): CVE-2017-1297
Affected product(s) and affected version(s): All fix pack levels and editions of IBM DB2 V9.7, […]


IBM Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841).

Jun 23, 2017 10:00 am EDT | Low Severity

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is affected by vulnerabilities in zlib.
CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s): All fix pack levels and editions of IBM DB2 V9.7, V10.1, V10.5 and V11.1 on all platforms are affected.
Refer to the following reference URLs for remediation and […]


IBM Security Bulletin: Buffer overflow vulnerability in IBM® DB2® LUW (CVE-2017-1105)

Jun 23, 2017 10:00 am EDT | Medium Severity

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.
CVE(s): CVE-2017-1105
Affected product(s) and affected version(s): All fix pack levels of IBM DB2 V9.7, V10.1, V10.5 and V11.1 editions listed below […]


IBM Security Bulletin: IBM Tivoli Monitoring Soap Server (CVE-2016-6083)

Jun 23, 2017 10:00 am EDT | Medium Severity

The default configuration of the IBM Tivoli Monitoring SOAP interface allows unauthenticated users to access SOAP requests.
CVE(s): CVE-2016-6083
Affected product(s) and affected version(s): IBM Tivoli Monitoring SOAP (KSH component) versions 6.2.2 through 6.2.2 Fix Pack 9, 6.2.3 through 6.2.3 Fix Pack 5 and 6.3.0 through 6.3.0 Fix Pack 7
Refer to the following reference URLs […]


IBM Security Bulletin: Sensitive data protection vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1349)

Jun 22, 2017 10:00 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information from HTTP sessions that could be read by a local user.
CVE(s): CVE-2017-1349
Affected product(s) and affected version(s): IBM Sterling B2B Integrator 5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004209
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/126525
[…]


IBM Security Bulletin: Multiple vulnerabilities in glibc affect Power Hardware Management Console

Jun 22, 2017 10:00 am EDT | Medium Severity

glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVE(s): CVE-2015-8778, CVE-2015-8779, CVE-2014-9761, CVE-2015-8776
Affected product(s) and affected version(s): Power HMC V8.8.3.0, Power HMC V8.8.4.0, Power HMC V8.8.5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1022033
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111087
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111085
X-Force Database: […]