IBM Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)

Written by IBM PSIRT | August 25, 2016 | Low Severity

Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web. CVE(s): CVE-2016-0797, CVE-2016-0705 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances IBM Security Access Manager for Web 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL (CVE-2016-0797, CVE-2016-0705)

Written by IBM PSIRT | August 25, 2016 | Low Severity

Vulnerabilities in OpenSSL affect IBM Security Access Manager for Mobile. CVE(s): CVE-2016-0705, CVE-2016-0797 Affected product(s) and affected version(s): IBM Security Access Manager for Mobile 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21989106 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 ...read more


IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2015-8710)

Written by IBM PSIRT | August 25, 2016 | Medium Severity

Libxml2 is vulnerable to a denial of service, caused by an out-of-bounds memory access when parsing an unclosed HTML comment. By not closing out an HTML comment, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash. CVE(s): CVE-2015-8710 Affected product(s) and affected version(s): IBM BigFix Security ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2016-3598, CVE-2016-3511, CVE-2016-3485)

Written by IBM PSIRT | August 25, 2016 | High Severity

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2016. CVE(s): CVE-2016-3598, CVE-2016-3511, CVE-2016-3485 Affected product(s) and affected version(s): AIX 5.3, 6.1, 7.1, 7.2 VIOS 2.2.x The following fileset levels ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060)

Written by IBM PSIRT | August 25, 2016 | High Severity

Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060) CVE(s): CVE-2016-1181, CVE-2016-1182, CVE-2016-3060, CVE-2016-5920 Affected product(s) and affected version(s): – FTM for ACH v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12, 3.0.0.13, 3.0.0.14 – FTM for Check v3.0.0.0, v3.0.0.1, v3.0.0.2, ...read more


IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Demo package on the Web Potential DLL Loading Code Execution Vulnerability (CVE-2016-5934)

Written by IBM PSIRT | August 25, 2016 | High Severity

IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. CVE(s): CVE-2016-5934 Affected product(s) and affected version(s): FastBack Demo package on the Web page (option 4) https://www.ibm.com/marketing/iwm/tnd/featured.jsp?pgel=featdnld Refer to the following reference URLs for remediation ...read more


IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)

Written by IBM PSIRT | August 25, 2016 | Medium Severity

Apache Commons Fileupload vulnerability affects WebSphere Application Server and WebSphere Application Server Hypervisor Edition. CVE(s): CVE-2016-3092 Affected product(s) and affected version(s): The following Versions of WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition may be affected: Liberty Version 9.0 Version 8.5 Version 8.0 Version 7.0 This vulnerability also affects the following versions of ...read more


IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Written by IBM PSIRT | August 25, 2016 | High Severity

A set of Libxml2 vulnerabilities were disclosed by the Libxml2 Project. Libxml2 is used by Rational Systems Tester. Rational Systems Tester has addressed the applicable CVEs. CVE(s): CVE-2016-4447, CVE-2016-4448, CVE-2016-4449 Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7, 3.3.0.7 Interim Fix 1, 3.3.0.7 Interim Fix 2, 3.3.0.7 ...read more


IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL

Written by IBM PSIRT | August 25, 2016 | High Severity

Vulnerabilities have been identified in OpenSSL. IBM Security Access Manager for Mobile uses OpenSSL and is affected by these vulnerabilities. CVE(s): CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842 Affected product(s) and affected version(s): IBM Security Access Manager for Mobile 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following ...read more


IBM Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Security Access Manager for Web (CVE-2016-0729)

Written by IBM PSIRT | August 25, 2016 | High Severity

IBM Security Access Manager for Web is affected by a vulnerability in the Apache Xerces-C XML parser. CVE(s): CVE-2016-0729 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances IBM Security Access Manager for Web 8.0, all firmware versions IBM Security Access Manager 9.0, all firmware versions Refer to the following reference ...read more


IBM Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0729)

Written by IBM PSIRT | August 25, 2016 | High Severity

IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software is affected by a vulnerability in the Apache Xerces-C XML parser. CVE(s): CVE-2016-0729 Affected product(s) and affected version(s): IBM Tivoli Access Manager for e-business 6.0 IBM Tivoli Access Manager for e-business 6.1 IBM Tivoli Access Manager for e-business 6.1.1 IBM ...read more


IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Security Network Controller

Written by IBM PSIRT | August 25, 2016 | High Severity

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs. CVE(s): CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 Affected product(s) and affected version(s): IBM Security Network Controller 1.0.X Refer to the following reference URLs for remediation and ...read more