High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop (CVE-2017-3736)

Jan 18, 2018 9:00 am EST | Medium Severity

OpenSSL vulnerabilities were disclosed on November 2, 2017 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVE. CVE(s): CVE-2017-3736 Affected product(s) and affected version(s): IBM Sterling Connect:Direct for HP NonStop 3.6.0.0 IBM Sterling Connect:Direct for HP NonStop 3.6.0.1 IBM […]


IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affects multiple IBM Rational products based on IBM Jazz technology

Jan 18, 2018 9:00 am EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.6 and 1.7 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

Jan 17, 2018 10:00 am EST | Medium Severity

OpenSSL vulnerabilities were disclosed on November 2, 2017 and December 7, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. CVE(s): CVE-2017-3736, CVE-2017-3737 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK for Node.js v4.8.6.0 and earlier releases. These vulnerabilities affect […]


IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects Liberty for Java for IBM Cloud October 2017 CPU

Jan 17, 2018 10:00 am EST | High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server […]


IBM Security Bulletin: Vulnerabilities in Open Source James Clark Expat affect IBM Netezza Analytics

Jan 17, 2018 10:00 am EST | Medium Severity

Open Source James Clark Expat is consumed by IBM Netezza Analytics and is vulnerable to denial of service. IBM Netezza Analytics has addressed the applicable CVEs. CVE(s): CVE-2013-0340, CVE-2013-0341 Affected product(s) and affected version(s): IBM Netezza Analytics 1.2.1 – 3.2.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012645 X-Force Database: […]


IBM Security Bulletin: IBM Integration Bus is affected by WebAdmin Session Timeout vulnerability (CVE-2017-1693)

Jan 17, 2018 10:00 am EST | Medium Severity

IBM Integration Bus has addressed the following vulnerability. CVE(s): CVE-2017-1693 Affected product(s) and affected version(s): IBM Integration Bus V9.0.0.0 – V9.0.0.8 IBM Integration Bus V10.0.0.0 – V10.0.0.9 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012642 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134164 […]


IBM Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows

Jan 16, 2018 10:53 am EST | Medium Severity

Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows has addressed the following vulnerabilities in libxml2. CVE(s): CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872 Affected product(s) and affected version(s): The following products used with Intel Xeon Phi PCI-Express cards (Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi […]


IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin

Jan 16, 2018 10:00 am EST | High Severity

There are multiple vulnerabilities related to IBM® Runtime Environment Java™ Technology Edition which is used and shipped by different versions of IBM Rational License Key Server Administration and Reporting Tool Admin (ART). CVE(s): CVE-2017-10281, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349 Affected product(s) and affected version(s): These vulnerabilities impact the following components and their releases: RLKS […]


IBM Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Jan 16, 2018 10:00 am EST | Medium Severity

Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. CVE(s): CVE-2017-1000257 Affected product(s) and affected version(s): IBM PureApplication System V2.1.0.0 IBM PureApplication System V2.1.0.1 IBM PureApplication System V2.1.0.2 IBM PureApplication System V2.1.0.0 IBM PureApplication System V2.1.1.0 IBM PureApplication System V2.1.2.0 IBM PureApplication System V2.1.2.1 IBM PureApplication System V2.1.2.2 IBM PureApplication System V2.1.2.3 IBM PureApplication System […]