IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983)

Written by IBM PSIRT | December 7, 2016 | High Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server Liberty. There is a potential code execution vulnerability in WebSphere ...


IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-2775, CVE-2016-2776, CVE-2016-8864 and CVE-2016-6170)

Written by IBM PSIRT | December 7, 2016 | High Severity

ISC BIND is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities.
CVE(s): CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864
Affected product(s) and affected version(s): Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021750
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115477
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117246
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114759
X-Force ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2180, CVE-2016-2182, CVE-2016-6306)

Written by IBM PSIRT | December 7, 2016 | High Severity

OpenSSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVE(s): CVE-2016-2180, CVE-2016-2182, CVE-2016-6306
Affected product(s) and affected version(s): Power HMC V7.9.0.0, Power HMC V8.2.0.0, Power HMC V8.3.0.0, Power HMC V8.4.0.0, Power HMC V8.5.0.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=nas8N1021733
X-Force Database: ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 – HTTPS support for Perl Collector

Written by IBM PSIRT | December 7, 2016 | High Severity

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4. IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 has addressed the applicable CVEs.
CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183, ...


IBM Security Bulletin: Vulnerabilities in DHCP affect Power Hardware Management Console (CVE-2015-8605 and CVE-2016-2774)

Written by IBM PSIRT | December 7, 2016 | Medium Severity

DHCP is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVE(s): CVE-2015-8605, CVE-2016-2774
Affected product(s) and affected version(s): Power HMC V7.7.9.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1021703
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109586
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111319 ...


IBM Security Bulletin: Multiple vulnerabilities affect IBM Security AppScan Enterprise

Written by IBM PSIRT | December 7, 2016 | High Severity

Previous releases of IBM Security AppScan Enterprise are affected by multiple vulnerabilities. OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security AppScan Enterprise. IBM Security AppScan Enterprise has addressed the applicable CVEs.
CVE(s): CVE-2016-2178, CVE-2016-2183, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306, CVE-2016-5983, CVE-2016-5986, CVE-2016-6042
Affected product(s) and ...


IBM Security Bulletin: Open Source Apache Tomcat, Commons FileUpload Vulnerabilities affecting IBM Algo Audit and Compliance (CVE-2016-3092)

Written by IBM PSIRT | December 7, 2016 | Medium Severity

Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVE(s): CVE-2016-3092
Affected product(s) and affected version(s): IBM Algo Audit and Compliance versions 2.1.0
Refer to the following ...


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool

Written by IBM PSIRT | December 7, 2016 | Medium Severity

OpenSSL vulnerabilities were disclosed on May 3, 2016, Sep 22, 2016 and Sep 26, 2016 by the OpenSSL Project. OpenSSL was used by IBM FSM SMIA configuration tool (commonly known as Network Advisor). This bulletin addresses the applicable CVEs.
CVE(s): CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-6306, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052, CVE-2016-7053, ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Network Advisor (CVE-2016-3425, CVE-2016-3427, CVE-2016-0695).

Written by IBM PSIRT | December 7, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology used in IBM Network Advisor.
CVE(s): CVE-2016-3427, CVE-2016-3425, CVE-2016-0695
Affected product(s) and affected version(s): IBM Network Advisor Versions prior to 14.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1009640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112459
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112460
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112458 ...


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842).

Written by IBM PSIRT | December 7, 2016 | High Severity

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs.
CVE(s): CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-2842
Affected product(s) and affected version(s): IBM Network Advisor prior to 14.0.2 and FOS firmware prior ...