High Severity

IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274)

A vulnerability in the IBM Domino server IMAP EXAMINE command potentially could be exploited by an authenticated user resulting in a stack buffer overflow. This could allow a remote attacker to execute code with the privileges of the Domino server. Current 64-bit platforms leverage ASLR (Address Space Layout Randomization) which dramatically reduces the probability of […]

Apache Struts Jakarta Multi-part Parser Code Execution (CVE-2017-5638)

On March 6, 2017 a vulnerability in the Apache Struts Jakarta Multi-part parser code execution was reported by Apache. IBM is analyzing its products to determine which ones may be affected by this vulnerability. Affected IBM products will be issuing mitigations and/or fixes as soon as possible. Please actively monitor both your IBM Support Portal […]

IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-5648, CVE-2017-5647)

May 26, 2017 10:00 am EDT | Medium Severity

Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager.
CVE(s): CVE-2017-5648, CVE-2017-5647
Affected product(s) and affected version(s): TADDM 7.2.2.0 – 7.2.2.5; TADDM 7.3.0.0 (TADDM 7.3.0.1-3 – not affected – using WebSphere Liberty Profile)
Refer to the following reference URLs for remediation and additional vulnerability […]


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

May 26, 2017 10:00 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Information Server. IBM InfoSphere Information Server has addressed the applicable CVEs.
CVE(s): CVE-2017-3731, CVE-2017-3732, CVE-2016-7055
Affected product(s) and affected version(s): The following products, running on all supported platforms, are affected: IBM InfoSphere Information Server: versions 9.1, 11.3 […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) – IBM Java SDK updates January 2017

May 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR9-FP60 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183
Affected product(s) and […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware (CVE-2016-5597)

May 26, 2017 10:00 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware. These issues were disclosed as part of the IBM Java SDK updates in October 2016.
CVE(s): CVE-2016-5597
Affected product(s) and affected version(s): The following levels of FlashCopy Manager (IBM Spectrum Protect Snapshot) for VMware are affected: […]


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (Tivoli Storage Manager) Windows and Macintosh Client (CVE-2016-5542, CVE-2017-3260, CVE-2016-5552)

May 26, 2017 10:00 am EDT | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ packaged with the IBM Spectrum Protect (formerly Tivoli Storage Manager) Windows and Macintosh Client. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.
CVE(s): CVE-2016-5542, CVE-2017-3260, CVE-2016-5552
Affected product(s) and affected version(s): The following versions of […]


IBM Security Bulletin: A vulnerability has been addressed in the GSKit component of IBM Tivoli Network Manager IP Edition (CVE-2016-2183).

May 26, 2017 10:00 am EDT | Low Severity

A vulnerability has been addressed in the GSKit component of IBM Tivoli Network Manager IP Edition.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s): IBM Tivoli Network Manager 3.9, 4.1.1 and 4.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22002980
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116337


IBM Security Bulletin: Vulnerabilities in libxml2 and zlib affect IBM Flex System Networking Switch Products

May 25, 2017 10:27 am EDT | High Severity

IBM Flex System Networking Switch Products have addressed the following vulnerabilities in libxml2 and zlib.
Vulnerability Details:
CVE(s): CVE-2016-4658, CVE-2016-9318, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s): Product Affected Version IBM Flex System Fabric EN4093R 10Gb Scalable Switch 7.8 IBM Flex System Fabric CN4093 10Gb Converged Scalable 7.8 What IBM Flex System Fabric […]


IBM Security Bulletin: Vulnerabilities in php5 affect IBM BladeCenter Advanced Management Module (AMM)

May 25, 2017 10:26 am EDT | Medium Severity

IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in php5.
Vulnerability Details:
CVE(s): CVE-2016-6911, CVE-2016-8670
Affected product(s) and affected version(s): Product Affected Version IBM BladeCenter Advanced Management Module (AMM) BPET
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099580
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119311
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119312


IBM Security Bulletin: Vulnerabilities in Bind affect PowerKVM

May 25, 2017 10:02 am EDT | Medium Severity

PowerKVM is affected by vulnerabilities in ISC Bind. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-3136
Affected product(s) and affected version(s): PowerKVM versions 2.1 and 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1025194
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124516