High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3735)

Oct 18, 2017 10:00 am EDT | Medium Severity

A vulnerability has been discovered in OpenSSL that was used by IBM FSM SMIA configuration tool (commonly known as Network Advisor). This bulletin addresses that vulnerability. CVE(s): CVE-2017-3735. Affected product(s) and affected version(s): Flex System Manager 1.3.4.0, Flex System Manager 1.3.3.0, Flex System Manager 1.3.2.1, Flex System Manager 1.3.2.0. Refer to the following reference URLs […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct FTP+

Oct 18, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0.10.1 and 6.0.16.41 used by IBM Sterling Connect:Direct FTP+. IBM Sterling Connect:Direct FTP+ has addressed the applicable CVEs. CVE(s): CVE-2017-10115, CVE-2017-10116. Affected product(s) and affected version(s): IBM Sterling Connect:Direct FTP+ 1.3.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22009532 X-Force […]


IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254)

Oct 18, 2017 10:00 am EDT | High Severity

A vulnerability in Apache Standard Taglibs affects IBM Connections Portlets For WebSphere Portal (CVE-2015-0254). CVE(s): CVE-2015-0254. Affected product(s) and affected version(s): IBM Connections Portlets For WebSphere Portal 5.0.0-5.0.2. For unsupported versions IBM recommends upgrading to a fixed, supported version of the product. Refer to the following reference URLs for remediation and […]


IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services, and Corporate Payment Services has a potential Cross Site Scripting vulnerability (CVE-2017-1634)

Oct 17, 2017 10:01 am EDT | Medium Severity

Financial Transaction Manager (FTM) for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services has addressed a potential Cross Site Scripting vulnerability. CVE(s): CVE-2017-1634. Affected product(s) and affected version(s): – FTM for ACH Services v3.0.2.0 – 3.0.2.1 – FTM for Check Services v3.0.2.0 – 3.0.2.1 – FTM for CPS v3.0.2.0 – 3.0.2.1 […]


IBM Security Bulletin: An unspecified vulnerability related to the Java SE JCE component affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2017-10115)

Oct 17, 2017 10:01 am EDT | High Severity

There were multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool (LMT) and IBM BigFix Inventory (BFI). These issues were disclosed as part of the IBM Java SDK updates in July 2017. Fixes are already included in LMT and BFI version 9.2.9 or later. CVE(s): CVE-2017-10115. Affected product(s) […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Performance Tester.

Oct 17, 2017 10:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 and 1.7 used by Rational Performance Tester. These issues were disclosed as part of the IBM Java SDK updates in July 2017. CVE(s): CVE-2017-10115. Affected product(s) and affected version(s): Rational Performance Tester versions 8.3, 8.5, 8.6, 8.7, 9.0 and 9.1. Refer to the following […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager

Oct 17, 2017 10:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used in IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. CVE(s): CVE-2017-10067, CVE-2017-10087, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-1376. Affected product(s) and affected version(s): IBM Cognos Metrics Manager 10.2.2, IBM Cognos Metrics Manager […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Service Tester.

Oct 17, 2017 10:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 and 1.7 used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in July 2017. CVE(s): CVE-2017-10115. Affected product(s) and affected version(s): Rational Service Tester versions 8.3, 8.5, 8.6, 8.7, 9.0 and 9.1. Refer to the following […]


IBM Security Bulletin: 3RD PARTY IBM MDM Software (11.0) report download without authentication affects IBM InfoSphere Master Data Management Collaboration Server

Oct 17, 2017 10:00 am EDT | Medium Severity

IBM InfoSphere Master Data Management – Collaborative Edition could allow an unauthorized user to download reports without authentication. CVE(s): CVE-2017-1523. Affected product(s) and affected version(s): These vulnerabilities are known to affect the following offerings: IBM InfoSphere Master Data Management Collaboration Server version 11.5. Refer to the following reference URLs for remediation and additional vulnerability details: Source […]