High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017, a code execution vulnerability in the Apache Struts Jakarta Multi-part parser was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

Jun 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with IBM PureApplication System. CVE(s): CVE-2017-3511, ...


IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation

Jun 27, 2017 10:00 am EDT | Low Severity

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, 8 and IBM® Runtime Environment Java™ Version 6, 7, 8 in IBM FileNet Content Manager, and IBM Content Foundation. Java SE issues disclosed in the Oracle April 2017 Critical Patch Update. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): ...


IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System (CVE-2017-3731)

Jun 27, 2017 10:00 am EDT | Medium Severity

A potential denial of service vulnerability was reported by the OpenSSL project. IBM PureApplication System addressed the applicable CVE. CVE(s): CVE-2017-3731. Affected product(s) and affected version(s): IBM PureApplication System V2.2, IBM PureApplication System V2.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22005135 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 ...


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Optim Data Growth, Test Data Management and Application Retirement

Jun 27, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by Optim Data Growth, Test Data Management and Application Retirement. These issues were disclosed as part of the IBM Java SDK updates in January 2017. CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183 Affected product(s) and affected version(s): IBM InfoSphere Optim solutions and editions versions ...


IBM Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106)

Jun 27, 2017 10:00 am EDT | Medium Severity

SWF files that are shipped with the IBM Cúram Social Program Management product are compiled with a vulnerable version of the Adobe Flex SDK. CVE(s): CVE-2017-1106 Affected product(s) and affected version(s): IBM Cúram Social Program Management 7.0.0.0 – 7.0.0.1 IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.4 IBM Cúram Social Program Management 6.1.1.0 – 6.1.1.4 ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs)

Jun 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM Java Runtime Versions 6.0, 7.0 and 8.0, which are used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed as part of the IBM Java SDK updates in April 2017. CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Jun 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, Version 7 and Version 8 used by Rational Directory Server (Tivoli) and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Install the recommended iFixes to upgrade the JRE in order to resolve these issues. ...


IBM Security Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-3092)

Jun 26, 2017 10:00 am EDT | Medium Severity

There is a security vulnerability in WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager that is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Additionally, the vulnerability affects Jazz™ for Service Management and IBM Tivoli Monitoring, which are shipped with Cloud Orchestrator Enterprise. CVE(s): CVE-2016-3092 Affected product(s) and ...


IBM Security Bulletin: October 2015 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products

Jun 26, 2017 10:00 am EDT | High Severity

Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE (JDK and JRE) versions below 8u65, 7u91 and 6u105 and OpenJDK versions below 1.7.0.91 and 1.8.0.65 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover, a partial denial of service (DOS), an unauthorized read, ...