High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Cross-site request forgery in WebSphere Application Server (CVE-2017-1194)

Apr 27, 2017 10:01 am EDT | Medium Severity

There is a potential cross-site request forgery in WebSphere Application Server OAuth service provider. CVE(s): CVE-2017-1194. Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Liberty, Version 9.0, Version 8.5, Version 8.0, Version 7.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source ...


IBM Security Bulletin: Multiple Ntp vulnerability affects IBM Identity Security Governance

Apr 27, 2017 10:01 am EDT | Medium Severity

There are multiple security vulnerabilities in various components used by IBM Security Identity Governance and Intelligence related to NTP (CVE-2016-7426 CVE-2016-7433 CVE-2016-9310 CVE-2016-9311 CVE-2016-7429). CVE(s): CVE-2016-7426, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, CVE-2016-7429. Affected product(s) and affected version(s): IBM Security Identity Governance and Intelligence 5.2.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source ...


IBM Security Bulletin: Vulnerability in OpenSSL affect IBM BigFix Remote Control (CVE-2016-7055)

Apr 27, 2017 10:00 am EDT | Medium Severity

A security vulnerability exists in OpenSSL used by IBM BigFix Remote Control. This vulnerability can be used to cause a denial of service attack. IBM BigFix Remote Control has remediated this vulnerability. CVE(s): CVE-2016-7055. Affected product(s) and affected version(s): IBM BigFix Remote Control 9.1.3. Refer to the following reference URLs for remediation and additional vulnerability ...


IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Governance and Intelligence available

Apr 27, 2017 10:00 am EDT | High Severity

There are multiple security vulnerabilities in various components used by IBM Security Identity Manager Virtual Appliance. CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, Not Applicable, CVE-2016-2183. Affected product(s) and affected version(s): IBM Security Identity Governance and Intelligence 5.2.1 Virtual Appliance. Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light

Apr 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 Service Refresh 9 Fix Pack 60 and earlier releases, IBM® Runtime Environment Java™ Version 7R1 Service Refresh 3 Fix Pack 60 and earlier releases, and IBM® Runtime Environment Java™ Version 8 Service Refresh 3 Fix Pack 22 and earlier releases that are used by ...


IBM Security Bulletin: Vulnerabilities in Oracle Outside In Technology affect IBM WebSphere Portal (January 2017 CPU)

Apr 27, 2017 10:00 am EDT | High Severity

Oracle Outside In Technology is used by and contained in IBM WebSphere Portal. A fix is available for security vulnerabilities in Oracle Outside In Technology that affect IBM WebSphere Portal (CVE-2017-3266 CVE-2017-3267 CVE-2017-3268 CVE-2017-3269 CVE-2017-3270 CVE-2017-3271 CVE-2017-3293 CVE-2017-3294 CVE-2017-3295). CVE(s): CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295. Affected product(s) and affected version(s): IBM ...


IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder, Glance, and Nova denial of service vulnerability (CVE-2015-5162)

Apr 27, 2017 10:00 am EDT | Medium Severity

Malicious qemu-img input may exhaust resources in IBM PowerVC’s Cinder, Glance, and Nova services. CVE(s): CVE-2015-5162. Affected product(s) and affected version(s): PowerVC Standard Edition 1.2.3.0 through 1.2.3.3, PowerVC Standard Edition 1.3.0.0 through 1.3.0.2, PowerVC Standard Edition 1.3.1.0 through 1.3.1.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=nas8N1021976 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118290 ...


IBM Security Bulletin: IBM Insights Foundation for Energy could allow an authenticated user to obtain sensitive information from error messages (CVE-2017-1141)

Apr 27, 2017 10:00 am EDT | Medium Severity

IBM Insights Foundation for Energy could allow an authenticated user to obtain sensitive information from error messages. CVE(s): CVE-2017-1141. Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of Insights Foundation for Energy: Version 1.6 and before. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-8610)

Apr 27, 2017 10:00 am EDT | High Severity

IBM Initiate Master Data Service and IBM InfoSphere Master Data Management are vulnerable to an OpenSSL denial of service attack and could cause the application to stop responding. CVE(s): CVE-2016-8610. Affected product(s) and affected version(s): This vulnerability is known to affect the following offerings: IBM Initiate Master Data Service versions 10.0 and 10.1, IBM InfoSphere ...