High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module (CMM)

May 21, 2017 10:00 am EDT | Medium Severity

IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in NTP. Vulnerability Details: CVE(s): CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Chassis Management Module (CMM) 2PET Remediation/Fixes: Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/. Product Fix Version IBM Flex […]


IBM Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)

May 20, 2017 10:01 am EDT | High Severity

Security vulnerabilities have been addressed in the Apache CXF component of IBM Tivoli Network Manager IP Edition. CVE(s): CVE-2016-6812, CVE-2016-8739 Affected product(s) and affected version(s): IBM Tivoli Network Manager 4.1.1 and 4.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22003596 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120409 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120408 […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Enterprise Content Management System Monitor

May 20, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547 Affected product(s) and affected version(s): IBM Enterprise Content Management System Monitor […]


IBM Security Bulletin: Vulnerabilities in xorg-x11-libX11 affect IBM Flex System Chassis Management Module (CMM)

May 20, 2017 10:00 am EDT | High Severity

IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in xorg-x11-libX11. Vulnerability Details CVE(s): CVE-2016-7942, CVE-2013-7439, CVE-2013-1981, CVE-2013-1997, CVE-2013-2004 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Chassis Management Module (CMM) 2PET Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099564 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117541 X-Force […]


IBM Security Bulletin: Vulnerabilities in cURL affect IBM Flex System Chassis Management Module (CMM)

May 20, 2017 10:00 am EDT | High Severity

IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in cURL. Vulnerability Details: CVE(s): CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8623, CVE-2016-8624 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Chassis Management Module (CMM) 2PET Remediation/Fixes: Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/. Product Fix Version IBM Flex System […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

May 20, 2017 10:00 am EDT | High Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details: CVE(s): CVE-2016-6302, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6304, CVE-2016-2183 Affected product(s) and affected version(s): Product Affected Version MegaRAID Storage Manager 15.11 Remediation/Fixes: […]


IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability

May 19, 2017 10:02 am EDT | Medium Severity

This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVE(s): CVE-2017-1282 Affected product(s) and affected version(s): IBM Content Navigator versions 2.0.3.5 – 2.0.3.8 IBM Content Navigator version 3.0.0 Refer to the following reference URLs for remediation and […]


IBM Security Bulletin: Multiple vulnerabilities in Network Security Services (NSS) component affect SAN Volume Controller, Storwize family and FlashSystem V9000 products.

May 19, 2017 10:02 am EDT | Medium Severity

Vulnerabilities in Network Security Services (NSS) component affect the IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products. Though the CVE descriptions below document the vulnerabilities in the context of the Mozilla product, the IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products have resolved the vulnerabilities in the context in which the […]


IBM Security Bulletin: Vulnerabilities in tcpdump affect IBM Flex System Chassis Management Module (CMM)

May 19, 2017 10:02 am EDT | High Severity

IBM Chassis Management Module (CMM) has addressed the following vulnerabilities in tcpdump. Vulnerability Details CVE(s): CVE-2016-7922, CVE-2016-7923, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7931, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486 Affected product(s) and affected version(s): Product Affected Version IBM Flex System Chassis […]