High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Bluemix July 2017 CPU

Aug 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics Predictive Insights

Aug 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 4 Fix Pack 1 that is used by IBM Operations Analytics ...read more


IBM Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)

Aug 23, 2017 10:00 am EDT | High Severity

IBM MQ Appliance has addressed a vulnerability in Network Security Services (NSS). CVE(s): CVE-2017-5461 Affected product(s) and affected version(s): IBM MQ Appliance 8.0 Maintenance levels between 8.0.0.0 and 8.0.0.6 IBM MQ Appliance 9.0.x Continuous Delivery (CD) Release Continuous delivery updates between 9.0.1 and 9.0.3 Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Aug 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2017. CVE(s): CVE-2017-3511 Affected product(s) and affected version(s): Rational Application Developer 9.6.1 and earlier Refer to ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSource NTP affects IBM Netezza Host Management

Aug 23, 2017 10:00 am EDT | Medium Severity

OpenSource NTP is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs. CVE(s): CVE-2017-6462, CVE-2017-6463, CVE-2017-6464 Affected product(s) and affected version(s): IBM Netezza Host Management 5.3.3.0 – 5.3.10.1 IBM Netezza Host Management 5.4.1.0 – 5.4.14.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22002233 X-Force ...read more


IBM Security Bulletin: Fix available for Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2017-1110)

Aug 23, 2017 10:00 am EDT | Medium Severity

IBM Cúram Social Program Management is vulnerable to a privilege escalation vulnerability in the product. CVE(s): CVE-2017-1110 Affected product(s) and affected version(s): IBM Cúram Social Program Management 7.0.0.0 – 7.0.0.1 IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.4 IBM Cúram Social Program Management 6.1.1.0 – 6.1.1.4 IBM Cúram Social Program Management 6.1.0.0 – 6.1.0.4 IBM ...read more


IBM Security Bulletin: Security vulnerability in Cross-Site Scripting within IBM Cúram Social Program Management (CVE-2016-9732)

Aug 23, 2017 10:00 am EDT | Medium Severity

Cross-Site Scripting security vulnerability within the IBM Cúram Social Program Management product. CVE(s): CVE-2016-9732 Affected product(s) and affected version(s): IBM Cúram Social Program Management 7.0.0.0 – 7.0.0.1 IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.4 IBM Cúram Social Program Management 6.1.1.0 – 6.1.1.4 IBM Cúram Social Program Management 6.1.0.0 – 6.1.0.4 IBM Cúram Social Program ...read more


IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3142 and CVE-2017-3143)

Aug 22, 2017 10:00 am EDT | High Severity

ISC BIND is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. CVE(s): CVE-2017-3142, CVE-2017-3143 Affected product(s) and affected version(s): Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1022234 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127901 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127902 ...read more


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Media Server

Aug 22, 2017 10:00 am EDT | High Severity

OpenSSL vulnerabilities were disclosed on December 3, 2015, January 28, 2016, March 1, 2016, May 3, 2016, October 24, 2016 and January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Media Server. IBM Media Server has addressed the applicable CVEs. CVE(s): CVE-2016-8610, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, CVE-2015-3194, CVE-2015-3195, CVE-2015-3197, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, ...read more