High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, Apache reported a code execution vulnerability in the Apache Struts Jakarta Multi-part parser. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Security Guardium Data Redaction

May 24, 2017 10:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium Data Redaction. IBM Security Guardium Data Redaction addressed the applicable CVEs. CVE(s): CVE-2017-3511. Affected product(s) and affected version(s): IBM Security Guardium Data Redaction V2.5.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22003466 X-Force Database: ...


IBM Security Bulletin: IBM Maximo Asset Management generates error messages that could reveal sensitive information that could be used in further attacks against the system (CVE-2017-1292)

May 24, 2017 10:01 am EDT | Medium Severity

IBM Maximo Asset Management generates error messages that could reveal sensitive information that could be used in further attacks against the system. CVE(s): CVE-2017-1292. Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, ...


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to HTTP response splitting attacks (CVE-2017-1291)

May 24, 2017 10:01 am EDT | Medium Severity

IBM Maximo Asset Management is vulnerable to HTTP response splitting attacks. CVE(s): CVE-2017-1291. Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on ...


IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1325)

May 24, 2017 10:01 am EDT | Medium Severity

IBM iNotes fixed a cross-site scripting vulnerability, CVE-2017-1325. CVE(s): CVE-2017-1325. Affected product(s) and affected version(s): IBM iNotes versions 9.0 and 9.0.1 prior to 9.0.1 Fix Pack 8 Interim Fix 2; IBM iNotes versions 8.5, 8.5.1, 8.5.2 and 8.5.3 prior to 8.5.3 Fix Pack 6 Interim Fix 4. Refer to the following reference URLs for remediation ...


IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes

May 24, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 SR16FP35 that affect IBM Notes. These issues were disclosed as part of the IBM Java SDK updates in Feb. 2017, fixed with Version 6 SR16FP41 and Version 8 SR4FP1. CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, ...


IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino

May 24, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 SR16FP35 that affect IBM Domino. These issues were disclosed as part of the IBM Java SDK updates in Feb. 2017, fixed with Version 6 SR16FP41 and Version 8 SR4FP1. CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory

May 23, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6 used by IBM Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. CVE(s): CVE-2017-3511, CVE-2017-3539. Affected product(s) and affected version(s): IBM Web Experience Factory 8.0 IBM Web ...


IBM Security Bulletin: Directory Traversal vulnerabilities impact IBM Network Advisor.

May 23, 2017 10:00 am EDT | High Severity

Multiple Directory Traversal vulnerabilities affect IBM b-type SAN Network Advisor (CVE-2016-8204, CVE-2016-8205, CVE-2016-8206, CVE-2016-8207). CVE(s): CVE-2016-8204, CVE-2016-8206, CVE-2016-8207, CVE-2016-8205. Affected product(s) and affected version(s): Network Advisor versions released prior to and including 14.0.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009700 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120392 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120394 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120395 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120393 ...


IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerability (CVE-2016-6816)

May 23, 2017 10:00 am EDT | Medium Severity

Some versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. CVE(s): CVE-2016-6816. Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.1.8, 9.6.1.7, 9.6.1.4, 9.6.1.3, 9.6.1.2, 9.6.1.1, 9.6.1.0, 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x. Refer ...