IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server (CVE-2016-3092)

Written by IBM PSIRT | December 5, 2016 | Medium Severity

An Apache Commons FileUpload vulnerability while processing file upload requests was addressed by IBM InfoSphere Information Server.
CVE(s): CVE-2016-3092
Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3, and 11.5
IBM InfoSphere Metadata Asset Manager: versions 8.7, 9.1, 11.3, and ...


IBM Security Bulletin: Vulnerability has been identified in IBM Cloud Orchestrator teamwork API (CVE-2016-0206)

Written by IBM PSIRT | December 5, 2016 | Low Severity

A potential denial of service vulnerability has been identified in the IBM Cloud Orchestrator teamwork executeServiceByName API if an invalid URL is provided by a local authenticated user. IBM Cloud Orchestrator, formerly known as IBM SmartCloud Orchestrator, has addressed the issue.
CVE(s): CVE-2016-0206
Affected product(s) and affected version(s): IBM Cloud Orchestrator V2.3, V2.3.0.1, V2.4, V2.4.0.1, V2.4.0.2
Refer ...


IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM

Written by IBM PSIRT | December 2, 2016 | High Severity

PowerKVM is affected by numerous vulnerabilities in PHP. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768
Affected product(s) and affected version(s): PowerKVM 3.1 only
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1024545
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115332
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114386
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114387
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114388
...


IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Written by IBM PSIRT | December 2, 2016 | High Severity

PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2016-5195, CVE-2016-3134, CVE-2016-4997, CVE-2016-4998, CVE-2016-5696
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1024478
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118170
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111418
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116101
...


IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) that is bundled with IBM WebSphere Application Server Patterns.

Written by IBM PSIRT | December 2, 2016 | High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2016.
CVE(s): CVE-2016-5573, CVE-2016-5597
Affected product(s) and affected version(s): IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 ...


IBM Security Bulletin: Vulnerabilities in redis affect PowerKVM (CVE-2015-4335, CVE-2013-7458)

Written by IBM PSIRT | December 2, 2016 | High Severity

PowerKVM is affected by vulnerabilities in redis. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2015-4335, CVE-2013-7458
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1024538
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103645
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115956
...


IBM Security Bulletin: Authentication vulnerability affects IBM Integration Bus V10.0.0.4 onwards (CVE-2016-8918)

Written by IBM PSIRT | December 2, 2016 | Medium Severity

Web user accounts can be authenticated against an LDAP server in IBM Integration Bus V10.0.0.4 and later versions. However, under some circumstances it is possible for a remote user to be authenticated without providing valid credentials.
CVE(s): CVE-2016-8918
Affected product(s) and affected version(s): IBM Integration Bus V10
Refer to the following reference URLs for remediation ...


IBM Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080)

Written by IBM PSIRT | December 2, 2016 | Medium Severity

The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings.
CVE(s): CVE-2016-6080
Affected product(s) and affected version(s): WebSphere Message Broker V8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21995004
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117560
...


IBM Security Bulletin: IBM Mobile Connect is vulnerable to the Sweet32: Birthday Attacks (CVE-2016-2183)

Written by IBM PSIRT | December 2, 2016 | Low Severity

IBM Mobile Connect has addressed the vulnerability known as Sweet32: Birthday Attacks.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s): IBM Mobile Connect 6.1.5.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21994927
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116337
...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-5573, CVE-2016-5597, CVE-2016-3485)

Written by IBM PSIRT | December 2, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and in the IBM Java SDK updates in July 2016.
CVE(s): CVE-2016-5573, CVE-2016-5597, CVE-2016-3485 ...